Spring Cloud Services 3.0 Includes New and Improved Config Server
<p dir="ltr">Spring Cloud Services v3.0.0 is here! In this post, we&rsquo;ll describe what this means for developers and operators who are using <a href="https://pivotal.io/platform/services-marketplace/microservices-management/spring-cloud-services">Spring Cloud Services</a> with <a href="https://pivotal.io/platform">Pivotal Cloud Foundry</a>.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Run SCS 3.0 Alongside 2.0.x</h2>
<p dir="ltr">First of all, if you&rsquo;re currently using Spring Cloud Services (SCS) v2.0.x or earlier, it&rsquo;s important to note that Spring Cloud Services v3.0.0 can run alongside SCS v2.0.x if you want to continue using all your existing v2.0.x features. Here&rsquo;s why...</p>
<p dir="ltr">Since the current Service Registry and Circuit Breaker Dashboard services are not included in the SCS v3.0.0 release, you may continue to use these services via SCS v2.0.x. There are recommendations in the <a href="https://docs.pivotal.io/spring-cloud-services/3-0/">SCS v3.0.0 documentation</a> on how to migrate SCS v2.0.x Config Server instances to SCS v3.0.0.<br />
<br />
Note: In order to maintain the availability of current Service Registry and Circuit Breaker Dashboard capabilities in your marketplace, both the SCS v2.0.x and SCS v3.0.0 tiles should be deployed and used &ldquo;side by side&rdquo; in your PCF environment.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">An Inside Look at Config Server 3.0</h2>
<p dir="ltr">With this upgrade to SCS v3.0.0, we&rsquo;ve made several improvements to the Config Server. These enhancements provide better support for common enterprise development policies, practices, and procedures. All told, developers and operators now enjoy more control over how Config Server properties are managed on the PCF foundation.</p>
<p>&nbsp;</p>
<h3 dir="ltr">Highlights of the release include:</h3>
<ul>
<li dir="ltr">
<p dir="ltr">The Config Server now includes a &ldquo;mirror&rdquo; service. Configuration data is still sourced from Git repositories, but performance, availability, and governance have been improved by adding a mirror of the Git repository within the PCF foundation.</p>
</li>
<li dir="ltr">
<p dir="ltr">The way you refresh your Config Server configuration is changing. Operators or developers with sufficient access can control Config Server property updates via a new endpoint.</p>
</li>
<li dir="ltr">
<p dir="ltr">Support for <a href="https://pivotal.io/platform/pcf-components/credhub">CredHub</a> secrets management has been added to Config Server (in addition to Vault). Each Config Server service instance will have a secured path for secrets in the Pivotal Application Service (PAS) CredHub, which can be accessed via an API.</p>
</li>
<li dir="ltr">
<p dir="ltr">The way you commission new Config Server instances is changing to bring it in line with the Spring Cloud OSS approach.</p>
</li>
<li dir="ltr">
<p dir="ltr">SCS 3.0.0 no longer requires the RabbitMQ for PCF and MySQL for PCF tiles.</p>
</li>
</ul>
<p dir="ltr">For more information about each of these changes, please read on...</p>
<p dir="ltr">&nbsp;</p>
<h4 dir="ltr">The Mirror Service</h4>
<p dir="ltr">You told us that many of you ran a large number of Config Server instances per PCF foundation. These instances typically were configured to use Git repositories from the same Git server. This could lead to a significant load on the Git server during a <a href="https://pivotal.io/platform/pivotal-application-service">Pivotal Application Service</a> (PAS) upgrade. Such an event causes each Config Server instance&rsquo;s backing application to be relocated onto a new cell. Since this is similar to an application restage, the backing application needed to re-clone the Git repository. Depending on the number of Config Server instances and their configured high availability count, this often caused a tremendous load.</p>
<p>To help mitigate this, in SCS v3.0.0, we&rsquo;ve introduced a new component, the Mirror Service, designed to cache your configuration and reduce this back-and-forth chatter significantly. The Mirror Service also increases the availability of the Git repositories configured on Config Server instances because it sits in between each instance and the corresponding external Git repository.</p>
<p>&nbsp;</p>
<p dir="ltr"><img src="https://lh6.googleusercontent.com/wAe-H5e7thInIVnme7gXuqLdjDiVi5ipoM7brNBZ2wgTJ-6X8eUMPcC2xIj4NIn9XxsMGDd8NJDMDpzhSVuI_NRONaGMFH4h5IibVytl4iGbV4oaVPVHely_Q-ByVzPeWetQKTDI" /></p>
<p dir="ltr">Caption: High-level architecture diagram showing Mirror Service management of multiple repositories from an external Git server on behalf of Config Server service instances and their associated PAS CredHub integration for managing secrets.</p>
<p dir="ltr">Please see the <a href="https://docs.pivotal.io/spring-cloud-services/3-0/common/config-server/index.html">SCS Config Server documentation</a> for more detailed information.</p>
<p dir="ltr">&nbsp;</p>
<h4 dir="ltr">Initiating Config Server Property Updates</h4>
<p dir="ltr">The Mirror Service is now configured as the source for Git repository properties. Consequently, changes made in the external Git repository no longer initiate periodic updates to each Config Server instance. Instead, someone with sufficient authority must take action to initiate the Config Server property update. This can be done via API using the <code>/refresh</code> endpoint on the Config Server&rsquo;s backing application. Please <a href="https://docs.pivotal.io/spring-cloud-services/3-0/common/config-server/managing-service-instances.html">read the SCS docs</a> to learn more about how to refresh the Config Server instance&rsquo;s mirror. This task can, of course, be automated if desired.</p>
<p dir="ltr">&nbsp;</p>
<h4 dir="ltr">Managing Secrets with CredHub</h4>
<p dir="ltr">Ever since CredHub&rsquo;s inception, there have been requests to add CredHub as a backend to manage secrets for Config Server instances. The recently released <a href="https://github.com/spring-projects/spring-credhub">Spring CredHub OSS project</a> is now adopted in SCS. It&rsquo;s configured to use the PAS CredHub instance to store secrets. Each Config Server instance comes with a CredHub path and authorized credentials to store secrets and provide them to client applications at runtime. Please read more about <a href="https://docs.pivotal.io/spring-cloud-services/3-0/common/config-server/managing-secrets-with-credhub.html">managing secrets via the Config Server backing application&rsquo;s API</a> in the SCS docs.</p>
<p dir="ltr">&nbsp;</p>
<h4 dir="ltr">Changes to Config Server Configuration</h4>
<p dir="ltr">There&rsquo;s a new service name for the SCS Config Server service: `p.config-server`. As a result, the way you provision a Config Server service instance via the PCF marketplace changes ever-so-slightly.</p>
<p dir="ltr">The Config Server service is still configured with Git repositories by providing the locations where the configuration properties are version controlled. But when providing multiple Git repositories to a single Config Server service instance, the format of this `composite` configuration has changed slightly to be in alignment with the Spring Cloud Config open source configuration format, which is:</p>
<pre class="prettyprint">
{"composite": [{"type": "git", ...}, {"type": "git", ...}, {"type": "vault", ...}]}</pre>
<p dir="ltr">&nbsp;There are more details in the <a href="https://docs.pivotal.io/spring-cloud-services/3-0/common/config-server/managing-service-instances.html">documentation</a>.</p>
<p dir="ltr">&nbsp;</p>
<h4 dir="ltr">No More RabbitMQ or MySQL Tile Dependencies</h4>
<p dir="ltr">SCS 3.0 now offers a leaner installation profile and requires fewer dependencies to run. The new SCS service broker has been upgraded to use Reactive programming techniques to handle requests asynchronously. This negates the need for the RabbitMQ tile. In SCS v3.0.0, a MySQL database is deployed on the SCS service broker BOSH-managed VM. (A dedicated MySQL for PCF is no longer required.) The elimination of these tile dependencies allows SCS and other tiles to evolve independently!</p>
<p dir="ltr">&nbsp;</p>
<h4 dir="ltr">What&rsquo;s Next?</h4>
<p dir="ltr">There will be more exciting enhancements coming along in Spring Cloud Services later in the year. You can download the latest version of <a href="https://network.pivotal.io/products/p-spring-cloud-services">Spring Cloud Services from PivNet</a> and check out the <a href="https://docs.pivotal.io/spring-cloud-services/3-0/common/index.html">documentation here</a>. If you want to learn more about Spring Cloud, why not sign up for <a href="https://springoneplatform.io/">SpringOne Platform</a> in Austin, TX on October 7-10, 2019? You can get a discount on your ticket by using the code <code>S1P_Save200</code>. We&rsquo;d love to see you there!</p>
<p>&nbsp;</p>
https://content.pivotal.io/blog/spring-cloud-services-3-0-includes-new-and-improved-config-server
Fri, 24 May 2019 14:36:08 -0400
Chris Sterling

Spring Cloud Data Flow 2.1 Centers on Upgrades to Guides, Docs, and Samples
<p dir="ltr">Thanks to the wonderful Spring Cloud Data Flow community, in our <a href="https://twitter.com/springcentral/status/1085191154251968513">recent survey</a>, we received lots of suggestions, comments, and feedback with regards to limitations in the reference guides, documentation, and samples for Spring Cloud Data Flow.</p>
<p><em>You asked us to make it easier to find solutions to your Spring Cloud Data Flow problems!</em></p>
<p>Consequently, the theme for the 2.1 GA release became &ldquo;helping the community and users,&rdquo; and today we&rsquo;re announcing a brand new <a href="https://dataflow.spring.io/">Spring Cloud Data Flow Microsite</a> to help developers get more from the product.</p>
<h2 dir="ltr">Background</h2>
<p dir="ltr">All the projects under the Spring umbrella have a significant presence in the community forums including StackOverflow, GitHub, Slack, and Gitter channels.</p>
<p>The projects in the Spring Cloud Data Flow (SCDF) ecosystem are well represented in all these community platforms. On any given day, you&rsquo;ll find the team busy answering community questions. We are proud to regularly engage with the community.</p>
<p>In answering community questions and customer support tickets, we noticed a high degree of context-switching was required between different projects, their reference guides, and the samples, in order to build streaming and batch processing solutions. This was consistent with the feedback you gave us in the survey results as well.</p>
<p>The main reason for all the context-switching is that there are various projects in the SCDF ecosystem, each of which evolves with different features and release cadences. SCDF brings them all together into a coherent set of developer tools to build, deploy, and manage streaming and batch data pipelines. Therefore, answering community questions typically involves pointing to various project-specific resources.</p>
<p>Is this a side effect of building SCDF as a microservices-based architecture? Perhaps. This architecture has brought us enormous new benefits due to the modular design. If you count <a href="https://spring.io/projects/spring-cloud-stream">Spring Cloud Stream</a>, <a href="https://spring.io/projects/spring-cloud-task">Spring Cloud Task</a>, <a href="https://cloud.spring.io/spring-cloud-skipper/">Spring Cloud Skipper</a>, and the other projects in the SCDF ecosystem, it&rsquo;d easily encompass over 100 releases in the last year!</p>
<p>To minimize this context-switching and to promote the easy discovery of product capabilities, we realized that we needed to deliver a step-by-step developer guide to delve into new features, enhancements, and use-case possibilities.</p>
<p>The <a href="https://dataflow.spring.io/">Spring Cloud Data Flow Microsite</a> was born...</p>
<p><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjZTMwZjk4NGE2YzEucG5nJnZlcnNpb249MDAwMCZzaWc9ZjIwNWUzZTA4NTE4M2MxMDgzNGU0OTg5MzUwZTYxZDk%253D" /></p>
<h2 dir="ltr">Our Goals</h2>
<p dir="ltr">The first and foremost goal was to go deeper as opposed to just highlighting the breadth of the features. Ultimately, we wanted to answer the questions that a developer would face when building streaming and batch processing solutions using SCDF. Building upon that thinking, we chose to start with some &lsquo;simple-to-complex&rsquo; scenarios in an incremental style so that folks can switch to the level that matches their familiarity. Lastly, we focused heavily on repeatability &mdash; code fragments, end-to-end samples, and recipes that a developer could learn in order to become proficient with Spring Cloud Data Flow in less time.</p>
<h2 dir="ltr">Other Notable Updates</h2>
<p dir="ltr">While the significant focus of this release was on the new Microsite, there were a few other notable improvements within the ecosystem&hellip;</p>
<ul>
<li dir="ltr">
<p dir="ltr"><strong>Spring Cloud Stream 2.2 GA: </strong>The primary goal was to elevate the Spring Cloud Function programming model in Spring Cloud Stream. A developer-focused Spring IO blog post is in the works, so stay tuned. The RabbitMQ, Apache Kafka, and Kafka Streams binders have had new feature improvements and validation through community contributions. Lastly, the Kinesis binder also recently added support for <a href="https://spring.io/blog/2019/05/13/spring-integration-aws-2-2-ga-and-spring-cloud-stream-kinesis-binder-1-2-ga-available">KCL/KPL and DynamoDB streams</a>.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Moving away from bit.ly for Bulk App Registration: </strong>For convenience, we have shipped bit.ly-based shortened URLs that redirect to the bulk-registration property files we host in the Spring repository. This has brought a lot of complexity over the years, and we are happy to announce that we are moving away from bit.ly and replacing those links with URLs served from the Spring IO domain instead. Look out for the updated URLs in the <a href="https://docs.spring.io/spring-cloud-dataflow/docs/current/reference/htmlsingle/#supported-apps-and-tasks">reference guide</a>.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Deployment Properties at Fingertips: </strong>Discovering the platform-specific deployment properties for the supported platforms was tedious. We have seen multiple reports of folks having trouble understanding how to override the deployment experience. It is now improved by a new dropdown in the UI that automatically populates the deployer properties for the selected platform. No more hunting through the docs or code for properties; you can now choose them from the dropdown.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Concurrent Task Launching Optimizations: </strong>Given the number of customers with file-ingest use cases in the cloud, we published a <a href="https://content.pivotal.io/blog/need-24x7-etl-then-move-to-cloud-native-file-ingest-with-spring-cloud-data-flow">reference architecture</a> to describe the end-to-end solution for Cloud Foundry and Kubernetes. One of the critical pieces in this architecture is the ability to rate-limit and throttle the concurrent task launches to avoid saturating the available resources. While the initial implementation worked for the new dataset, we <a href="https://gitter.im/spring-cloud/spring-cloud-dataflow?at=5c59640b975714406b99c920">received feedback</a> on the checkpointing mechanism for historical datasets. We have an improved solution that now measures the actual running tasks to make downstream decisions.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Docker Compose / Helm Chart Customizations: </strong>With growing demand for a quick getting-started experience using SCDF&rsquo;s Docker Compose and the Helm Chart, we have added customizations to switch to different monitoring solutions and messaging middleware.</p>
</li>
</ul>
<h2 dir="ltr">It&rsquo;s just the Beginning</h2>
<p dir="ltr">We are barely getting started on the <a href="https://dataflow.spring.io/">Spring Cloud Data Flow Microsite</a>. We are determined to continue investing in these learning materials in future releases. We wouldn&rsquo;t be able to do this without you, the community, customers, and the users, so please reach out to us on <a href="https://stackoverflow.com/tags/spring-cloud-dataflow/">StackOverflow</a>, <a href="https://github.com/spring-cloud/spring-cloud-dataflow">GitHub</a>, or <a href="https://gitter.im/spring-cloud/spring-cloud-dataflow">Gitter</a> if you see issues or if you have a new topic to include in the Microsite. Please note, <a href="https://github.com/spring-io/dataflow.spring.io">everything is plain markdown files</a>, and they get automatically generated as static web resources. It is set up so that everyone can add and update content quickly &mdash; we are looking forward to your contributions!</p>
<div>&nbsp;</div>
https://content.pivotal.io/blog/spring-cloud-data-flow-2-1-centers-on-upgrades-to-guides-docs-and-samples
Tue, 21 May 2019 16:48:00 -0400
Sabby Anandan

Simplified Platform Networking with Pivotal Service Mesh, Powered by Istio and Envoy
<p dir="ltr">Why are <a href="https://istio.io/">Istio</a> and <a href="https://www.envoyproxy.io/">Envoy</a> worthy of all the buzz they receive? We&rsquo;ve written about <a href="https://content.pivotal.io/blog/happy-birthday-istio-a-closer-look-at-how-pivotal-is-embedding-the-service-mesh-to-cloud-foundry-kubernetes-and-knative">this previously</a>. The upshot: Istio and Envoy simplify the communications, security, and observability for microservices. They are particularly useful when you have microservices written in many different development frameworks (Java, Node, Python&trade;, etc).</p>
<center>
<blockquote class="twitter-tweet" data-lang="en">
<p dir="ltr" lang="en">Happy Birthday <a href="https://twitter.com/hashtag/Istio?src=hash&amp;ref_src=twsrc%5Etfw">#Istio</a>: A Closer Look at How Pivotal is Embedding The Service Mesh to <a href="https://twitter.com/cloudfoundry?ref_src=twsrc%5Etfw">@CloudFoundry</a>, <a href="https://twitter.com/hashtag/Kubernetes?src=hash&amp;ref_src=twsrc%5Etfw">#Kubernetes</a>, and <a href="https://twitter.com/KnativeProject?ref_src=twsrc%5Etfw">@KnativeProject</a><br />
<a href="https://t.co/Wv1U4tFk3b">https://t.co/Wv1U4tFk3b</a></p>
&mdash; Chris Sterling (@csterwa) <a href="https://twitter.com/csterwa/status/1033003864578961408?ref_src=twsrc%5Etfw">August 24, 2018</a></blockquote>
</center>
<p>Now that many organizations have gotten a handle on <a href="https://pivotal.io/containers">containers</a> and <a href="https://kubernetes.io/">Kubernetes</a>, IT leaders are investigating the service mesh pattern. That means you&rsquo;re learning about Istio (the control plane) and Envoy (the sidecar proxy).</p>
<p>We&rsquo;ve been working with several customers on this service mesh concept for a while now. What have we learned so far? Customers want great outcomes, powered by Istio&trade; and Envoy&trade;.</p>
<p>It&rsquo;s not surprising when you think about it. Who doesn&rsquo;t want great business results, based on practical implementations of important open-source projects?</p>
<p>Here are some of the outcomes we&rsquo;ve delivered so far:</p>
<p><strong>Greater routing guarantees and a stronger security posture.</strong> <a href="https://content.pivotal.io/blog/new-in-pcf-2-1-app-container-identity-assurance-via-automatic-cert-rotation">We released</a> TLS ingress down to the application container and greater routing guarantees powered by Envoy over a year ago.</p>
<center>
<blockquote class="twitter-tweet" data-lang="en">
<p dir="ltr" lang="en">Had a ton of questions recently about how <a href="https://twitter.com/pivotalcf?ref_src=twsrc%5Etfw">@PivotalCF</a> uses <a href="https://twitter.com/EnvoyProxy?ref_src=twsrc%5Etfw">@EnvoyProxy</a> for transparent TLS all the way to the app container, so I wrote up a blog post about it: <a href="https://t.co/xZVaVSkgkk">https://t.co/xZVaVSkgkk</a> <a href="https://t.co/hXYSdyIbYp">pic.twitter.com/hXYSdyIbYp</a></p>
&mdash; Eric Malm (@emalminator) <a href="https://twitter.com/emalminator/status/981926698353541121?ref_src=twsrc%5Etfw">April 5, 2018</a></blockquote>
</center>
<p><strong>Simplified blue-green deployments. </strong>More recently, <a href="https://content.pivotal.io/blog/pivotal-cloud-foundry-2-5-istio-envoy-integration-weighted-routing-multi-port">PCF 2.5 included new weighted routing</a> for Pivotal Application Service (PAS) ingress with Istio and Envoy.</p>
<p>It&rsquo;s time to announce the next phase of our journey with Istio and Envoy: the Pivotal Service Mesh. We have exciting plans in store for this offering. The KubernetesⓇ (K8s) community will love the first problem we&rsquo;re tackling.</p>
<h2 dir="ltr">For Starters, Pivotal Service Mesh Aims to Automate Access to Your Kubernetes Clusters</h2>
<p dir="ltr">We all love a good shell script. If you&#39;re like most, you&#39;ve written scripts to set up ingress routing for a Kubernetes cluster. Over time, this can become technical debt, and you want a more reliable approach. Enter Pivotal Service Mesh.</p>
<p>Pivotal Service Mesh seeks to completely automate this scenario. Deploy Pivotal Service Mesh alongside <a href="https://pivotal.io/platform/pivotal-container-service">Enterprise Pivotal Container Service</a> (PKS). Then, you simply set up DNS and load balancing once with a wildcard. After that, you can enjoy automated routing and load balancing to the K8s APIs of any clusters deployed with PKS, as well as to the workloads that run on them. As the commercial says, &ldquo;Set it and forget it!&rdquo;</p>
<p>This is a welcome solution especially for enterprises deploying Kubernetes across clouds. Sure, load balancers are just an API call away in public cloud deployments. That&rsquo;s not always the case with on-premises environments though. Pivotal Service Mesh is a single solution for all your environments!</p>
<p>This handy diagram shows what it does. Pivotal Service Mesh performs HTTP routing to API masters, and TCP Routing to the workloads themselves.</p>
<p dir="ltr"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjZTMwN2ZhNWM5NDMuanBnJnZlcnNpb249MDAwMCZzaWc9ZWE2OTYyZjJhMWRhZTZjMTc5MzU3YzMyZWViMWE3ZjU%253D" /></p>
<p>Here&rsquo;s how it works.</p>
<p>The ingress service for Pivotal Service Mesh watches the PKS API for cluster lifecycle events. When a cluster is created, the service will set up HTTP routing for a subdomain of the prerequisite wildcard DNS name to the new cluster. This enables cluster users to connect to the API of their cluster with the <code>kubectl</code> CLI (or another compatible client) without additional load balancer or DNS configuration.</p>
<p>Then, the service begins watching the API of each cluster for objects of the Istio <code>VirtualService</code> custom resource. When a <code>VirtualService</code> is discovered with an annotation indicating the user wants the workload to be accessible from outside the cluster, the service allocates a dedicated port on the platform ingress proxies for this workload. From there, it updates the object with the assigned host and port so the user can discover where their workload can be accessed. Upon receiving TCP connections on this port, the proxy establishes a backend TCP connection to the workload, enabling traffic from the client over any TCP protocol received by the workload.</p>
<p>Pivotal Service Mesh runs on Kubernetes. You can install it on your own K8s environment or run it atop Enterprise PKS for an automated &ldquo;Day 2&rdquo; experience. (We recommend the latter.)</p>
<p>The product is now available to Pivotal customers via an invite-only alpha, so <a href="https://pivotal.io/contact">reach out to your account team</a> if you&#39;d like early access.</p>
<p>Where do we go from here? We plan to extend Pivotal Service Mesh capabilities to other products in the PCF portfolio, enabling traffic management for multiple <a href="https://pivotal.io/platform/pivotal-application-service">Pivotal Application Service</a> (PAS) and PKS environments with a single service.</p>
<h2 dir="ltr">Avoid the Pitfalls of a Do It Yourself Service Mesh</h2>
<p dir="ltr">Lots of engineers are tinkering with Kubernetes, Istio, and Envoy. And by all means, experiment with this tech in your home lab! But as we like to say, smart people with important things to do choose a commercial platform, and then get on with the job of building great software. The same is true for a service mesh: choose your fully managed offering, then get on with delivering value for your organization!</p>
<p>We&rsquo;ve learned that very few organizations can succeed at scale with homebrew tech. <a href="https://content.pivotal.io/white-papers/the-upside-down-economics-of-building-your-own-platform">This whitepaper</a> captures what we&rsquo;ve heard from enterprises over the years.</p>
<center>
<blockquote class="twitter-tweet" data-lang="en">
<p dir="ltr" lang="en">Thinking of building your own application platform? Don&#39;t make any decisions on your platform strategy without reading the revised white paper: The Upside Down Economics of Building Your Own Platform: <a href="https://t.co/ALVwrPn0hn">https://t.co/ALVwrPn0hn</a></p>
&mdash; Pivotal (@pivotal) <a href="https://twitter.com/pivotal/status/1084907379391643649?ref_src=twsrc%5Etfw">January 14, 2019</a></blockquote>
</center>
<p>More to the point, your CEO isn&rsquo;t going to say &ldquo;great job building a service mesh.&rdquo; Your leaders want outcomes, and you should too!</p>
<p>Speaking of outcomes, it&rsquo;s time to give Pivotal tech a spin.</p>
<ul>
<li dir="ltr">
<p dir="ltr">Request alpha access to Pivotal Service Mesh <a href="https://pivotal.io/contact">via this form</a>, or by reaching out to your account team.</p>
</li>
<li dir="ltr">
<p dir="ltr">Sign up for a free trial of <a href="http://run.pivotal.io">Pivotal Web Services</a>.</p>
</li>
<li dir="ltr">
<p dir="ltr"><a href="https://springoneplatform.io">Register for SpringOne Platform</a> October 7-10 in Austin. It&rsquo;s where your peers will gather to discuss the latest open-source tech, development trends, and most importantly, business outcomes!</p>
</li>
</ul>
<p><strong>SAFE HARBOR STATEMENT</strong></p>
<p><small>This blog also contains statements which are intended to outline the general direction of certain of Pivotal&#39;s offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding the pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. All software releases are on an &ldquo;if and when available&rdquo; basis and are subject to change. This information is provided without warranty of any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal&#39;s offerings. Any purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal&#39;s offerings in this blog remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward-looking information in this blog.</small></p>
<p><small>This blog contains statements relating to Pivotal&rsquo;s expectations, projections, beliefs, and prospects which are &quot;forward-looking statements&quot; and by their nature are uncertain. Words such as &quot;believe,&quot; &quot;may,&quot; &quot;will,&quot; &quot;estimate,&quot; &quot;continue,&quot; &quot;anticipate,&quot; &quot;intend,&quot; &quot;expect,&quot; &quot;plans,&quot; and similar expressions are intended to identify forward-looking statements. Such forward-looking statements are not guarantees of future performance, and you are cautioned not to place undue reliance on these forward-looking statements. Actual results could differ materially from those projected in the forward-looking statements as a result of many factors. All information set forth in this blog is current as of the date of this blog. These forward-looking statements are based on current expectations and are subject to uncertainties, risks, assumptions, and changes in condition, significance, value and effect as well as other risks disclosed previously and from time to time by us. Additional information we disclose could cause actual results to vary from expectations. Pivotal disclaims any obligation to, and does not currently intend to, update any such forward-looking statements, whether written or oral, that may be made from time to time except as required by law.</small></p>
<p><small>Kubernetes is either a registered trademark or trademark of the Apache Software Foundation in the United States and/or other countries. Istio is either a registered trademark or trademark of Google, Inc. in the United States and/or other countries. Envoy is either a registered trademark or trademark of The Linux Foundation in the United States and/or other countries. Java is a trademark or registered trademark of Oracle and/or its affiliates. Python is a trademark or registered trademark of the Python Software Foundation. Other names may be trademarks of their respective owners.</small></p>
https://content.pivotal.io/blog/simplified-platform-networking-with-pivotal-service-mesh-powered-by-istio-and-envoy
Tue, 21 May 2019 16:21:00 -0400
Shannon Coen

Pivotal and VMware Team Up To Simplify Trusted Third Party Ecosystem For Enterprise PKS
<p dir="ltr">Pivotal and VMware have teamed to simplify all things Kubernetes for the enterprise. Now, we&rsquo;ve joined forces to simplify how partner solutions are validated to run on Enterprise Pivotal Container Service (PKS).</p>
<p dir="ltr">VMware today <a href="https://blogs.vmware.com/cloudnative/2019/05/21/vmware-pks-partner-application-program/">announced</a> the <a href="https://code.vmware.com/programs/pks-partner-application">VMware PKS Partner Application Program</a>, which takes the first step towards creating a qualified group of independent software vendors (ISV) that test and fully support their products on <a href="https://pivotal.io/platform/pivotal-container-service">Enterprise PKS</a>. This new initiative provides ISVs in the <a href="https://www.vmware.com/partners/tech-alliance.html">VMware Technology Alliance Partner (TAP) program</a> with access to resources that will help them validate their solutions for <a href="https://pivotal.io/platform/pivotal-container-service">Enterprise</a> PKS using a pre-configured and ready-to-use test bed.</p>
<p dir="ltr">The &ldquo;Partner Ready-VMware PKS&rdquo; status earned by products successfully validated through this new program will also be recognized by the <a href="https://pivotal.io/partners/programs/tech">Pivotal Technology Partner Program (PTPP)</a>, so ISVs developing solutions for Enterprise PKS do not need to repeat the validation process with Pivotal.</p>
<p>&nbsp;</p>
<p dir="ltr">Technology partners enrolled in both programs can enjoy these three benefits:</p>
<ul>
<li dir="ltr">
<p dir="ltr">Differentiate your solution by displaying your validation status</p>
</li>
<li dir="ltr">
<p dir="ltr">On-ramp your solution via a streamlined process</p>
</li>
<li dir="ltr">
<p dir="ltr">Increase your exposure to the Kubernetes user community via both Pivotal and VMware programs</p>
</li>
</ul>
<h2 dir="ltr">Customers Are The Real Winners</h2>
<p>Enterprises are looking to extend their applications with trusted third-party tools that &ldquo;just work.&rdquo; This program offers assurance that the ISV products and services they need can easily integrate with or run on their platform. As Brandon Zaharof from <a href="https://content.pivotal.io/podcasts/using-software-to-improve-medication-adherence-with-shields-health-solutions">Shields Health explains</a>: &ldquo;When you&#39;re delivering a software as a service, via the cloud environment at a massive scale, making sure you are adhering to the highest standards, security and compliance is really essential. That&#39;s one key element that we really focus on...and a number of other third-party systems that we use, in order to make sure our data is secure.&rdquo;</p>
<p dir="ltr">Platform engineers have often struggled to deliver an automated service catalog of add-on capabilities for development teams to consume. They have to manage a number of integrations on a team-by-team, app-by-app basis. All of that leads to complexity that hinders productivity. Thanks to this new program, enterprises can now:</p>
<ol>
<li dir="ltr">
<p dir="ltr">Connect to an array of curated, best-in-class, complementary 3rd-party solutions that have been validated.</p>
</li>
<li dir="ltr">
<p dir="ltr">Provide developers with solutions to address various aspects of the application lifecycle, from coding and testing to release and maintenance, so they are empowered to quickly build and deliver next-generation cloud-native workloads.</p>
</li>
<li dir="ltr">
<p dir="ltr">Scale security, governance and compliance capabilities to the enterprise to serve as force multipliers of automation, productivity and value.</p>
</li>
</ol>
<p dir="ltr">Congratulations to Aqua Security, CloudBees, Crunchy Data, Twistlock, and Pivotal Greenplum, who have already validated their solutions for Enterprise PKS through this program. We look forward to many more new and existing partners in the pipeline taking advantage of this resource in the coming weeks.</p>
<p dir="ltr">To learn more, please check out the following resources and reach out to the <a href="mailto:isv@pivotal.io">Pivotal ISV team</a> for next steps:</p>
<ul>
<li dir="ltr">
<p dir="ltr">Join the <a href="https://www.vmware.com/partners/tech-alliance.html">VMware TAP program</a></p>
</li>
<li dir="ltr">
<p dir="ltr">Review the <a href="https://code.vmware.com/programs/pks-partner-application">VMware Enterprise PKS Partner Application Program</a></p>
</li>
<li dir="ltr">
<p dir="ltr">Review the <a href="https://pivotal.io/partners/programs/tech">Pivotal Technology Partner Program (PTPP)</a></p>
</li>
</ul>
https://content.pivotal.io/blog/pivotal-and-vmware-team-up-to-simplify-trusted-third-party-ecosystem-for-enterprise-pks
525096034
Tue, 21 May 2019 15:33:00 -0400
Kamala Dasika
Announcing Pivotal Cloud Cache v1.7
<p dir="ltr">Using Pivotal Cloud Cache (PCC) just got easier. Now, your developers can use your existing OAuth 2 compliant corporate directory to store and manage credentials to PCC instances.</p>
<p dir="ltr">Why does this matter? The integration with OAuth 2 extends centralized credential management for PCC. And this, in turn, improves your security posture. You have a single place that kicks off workflows to secure your clusters. You don&rsquo;t have rogue credentials floating around in YAML files. Centralized management also enables efficient credential rotation. And you can easily encrypt these secrets.</p>
<p dir="ltr">Here&rsquo;s how the new OAuth 2 integration works.</p>
<p dir="ltr">Now, PCC credentials can be accessed from OAuth 2 compliant corporate directories like <a href="https://github.com/cloudfoundry/uaa">UAA</a>, <a href="https://www.vaultproject.io/">Vault</a>, or systems that use <a href="https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol">LDAP</a>. Remember the CredHub integration we added in PCC 1.5? Now, you can simply connect to your OAuth 2 compliant corporate directory, and manage your credentials there. This will be a big time-saver for you!</p>
<h2 dir="ltr">With Any Data Service, Security is Paramount</h2>
<p dir="ltr">We&rsquo;ve delivered several useful data protection and security capabilities for PCC in recent months. Here are a few of our favorite PCC roadmap items that provide you with a platform managed service that is secure and protects the integrity of your data.</p>
<h3 dir="ltr">Credential Management via CredHub</h3>
<p dir="ltr">Credential rotation prevents intruders from accessing sensitive information by using ill-gotten credentials. It reduces the window of vulnerability by changing credentials frequently, a huge benefit given the number of credentials that the platform uses internally, in addition to the user-provided credentials. (Also <a href="https://content.pivotal.io/blog/pivotal-cloud-cache-adds-tls-secrets-management-with-credhub-to-keep-your-cache-secure">introduced in PCC 1.5</a>.)</p>
<p>These measures build on our overall <a href="https://pivotal.io/platform/security">focus on security</a> for the platform. We make it easy to apply patches and address critical vulnerabilities and exposures (CVEs) with zero downtime. Advanced persistent threats, like malware that has been left behind by an intruder, can be removed by frequently repaving the system, i.e. returning the platform to a known good state without any downtime.</p>
<h3 dir="ltr">Protect Against Availability Zone Failure</h3>
<p dir="ltr">PCC now spreads multiple service instances across different availability zones, protecting against availability zone failures. (Released in <a href="https://docs.pivotal.io/p-cloud-cache/1-6/release-notes.html">PCC 1.6</a>.)</p>
<h3 dir="ltr">Data Persistence</h3>
<p dir="ltr"><a href="https://content.pivotal.io/blog/announcing-pivotal-cloud-cache-v1-3">PCC v1.3</a> added data persistence so that in-memory data is also stored on persistent disk. A write to memory is synchronously written to PCC&rsquo;s optimized, local, disk-based file system, so that writes are never lost. If an entire PCC cluster fails, BOSH will recreate the VMs from the persistent disk. From there, PCC will load all the data from the disk into the cluster.</p>
<h3 dir="ltr">Transport Layer Security Encrypts Traffic in Transit</h3>
<p dir="ltr">TLS encrypts the payload on the network, preventing bad actors from getting direct access to sensitive information. The certificates that are needed to encrypt data in motion are managed by the platform. All interactions with the cluster can occur over encrypted channels by using a single, simple command to enable TLS. (Introduced in <a href="https://content.pivotal.io/blog/pivotal-cloud-cache-adds-tls-secrets-management-with-credhub-to-keep-your-cache-secure">PCC 1.5</a>.)</p>
<p dir="ltr">We&rsquo;re taking a holistic approach to security, so you can benefit from defense-in-depth capabilities.</p>
<h2 dir="ltr">Learn More</h2>
<p dir="ltr">For deeper coverage of security-related topics, you won&rsquo;t want to miss the <a href="https://springoneplatform.io/">SpringOne Platform Conference</a>, at which there will be several sessions on the topic of security. The conference will also feature several sessions on in-memory caching for microservices architectures. Many of these sessions are part of our annual <a href="https://springoneplatform.io/2019/geode">Apache Geode Summit</a>, which starts on Monday Oct 7th - the first day of the conference. <a href="https://springoneplatform.io/register">Register now</a> - early bird discounts still apply.</p>
<p dir="ltr">The PCC documentation provides details on how to <a href="https://docs.pivotal.io/p-cloud-cache/1-7//prepare-TLS.html">prepare your PCF foundation for TLS</a>, and how to <a href="https://docs.pivotal.io/p-cloud-cache/1-7//tls-enabled-app.html">develop an app that uses TLS</a>. The <a href="https://docs.pivotal.io/credhub-service-broker/index.html">CredHub documentation</a> goes over how to create and use a CredHub service instance.</p>
https://content.pivotal.io/blog/announcing-pivotal-cloud-cache-v1-7
523633114
Wed, 15 May 2019 05:19:03 -0400
Jagdish Mirani
Digital Transformers Elevate Design
<p dir="ltr"><img alt="" src="https://d1fto35gcfffzn.cloudfront.net/uberflip/images/blog/Build-An-App.png" style="text-align: center; width: 100%; " /></p>
<p dir="ltr">What&#39;s the most poorly designed thing you come across on a regular basis? For me, it&#39;s hotel showers. Awkward layouts and baffling mechanics make me question everything I know. Of course, you may answer this question with something broader, like the design of the car-buying process, or onboarding new employees.</p>
<p dir="ltr">Using technology to engage with customers is a <a href="https://content.pivotal.io/blog/digital-transformation-kubernetes">key part</a> of digital transformation. And not just any technology, but simple, useful technology. For large enterprises, this means taking a fresh look at the design discipline. That&#39;s not just smart, but necessary for success.</p>
<h2 dir="ltr">Design Matters</h2>
<p>Design impacts your revenue, cost, and time to market, according to <a href="https://www.invisionapp.com/design-better/design-maturity-model/">new research</a> from InVision. Similarly, the experts at McKinsey <a href="https://www.mckinsey.com/business-functions/mckinsey-design/our-insights/the-business-value-of-design">found that</a> &ldquo;the potential for design-driven [business] growth is enormous in both product- and service-based sectors.&rdquo; Design can be a significant differentiator in your attempt to attract and keep customers. Let&#39;s take a real-life example: In 2017, Liberty Mutual didn&#39;t let customers buy motorcycle insurance online. They wanted to change this. Their hypothesis was that if they invested in their online channel, it would lead to more sales. Instead of a lengthy requirements phase led by business leaders, the team followed a customer-centric design approach. They listened, experimented, collected feedback, and iterated. Within weeks they had a product worth launching, and saw an impressive conversion rate. Their design activities focused not only on the UI or layout, but on the entire customer experience. Often, Pivotal&rsquo;s designers help our customers realize that the right research can help determine what the product becomes. At Liberty Mutual, they learned that asking about the motorcycle (year, make, and model) before asking for the customer&#39;s name increased the completion rate. This is real, bottom-line impact, all thanks to a design-focused approach.</p>
<p dir="ltr">Read more of <a href="https://content.pivotal.io/blog/the-learning-never-stops-at-liberty-mutual-2">the Liberty Mutual story here</a>.</p>
<h2 dir="ltr">What Design is NOT</h2>
<p dir="ltr">I know what comes to your mind when you hear the word &quot;design.&quot; You immediately think of well-dressed free spirits who love coffee. While there&#39;s obviously an artistic, creative component to design work, it&#39;s more than just color schemes and page layouts.</p>
<p dir="ltr">Design also isn&#39;t something you outsource. You don&#39;t hand over responsibility to an outside agency to craft your new website or service and then toss their giant PowerPoint presentation to your development team to use as their guide. Nor is &quot;design&quot; a phase of the project lifecycle staffed by an isolated team within your organization.</p>
<p dir="ltr">Design is about creating products and services that people want to use. It requires a deep understanding of the customer&rsquo;s needs, broad knowledge of the business, and ongoing collaboration with product teams. You&rsquo;ve seen good and bad examples of this. Shields Health Solutions studied why patients didn&rsquo;t stick with their treatment plans, and designed software that simplified the process. The <a href="https://pivotal.io/customers/shields-health">results are striking</a>. Unfortunately, bad design is still prevalent. You see this in office productivity suites, online forms, and mobile apps. In so many cases, we use technology that feels like it was designed by people who never talked to a human being, or understood the job to be done.</p>
<h2 dir="ltr">What Good Design Looks Like</h2>
<p dir="ltr">Good design is user-centered. It orients the product around the user instead of trying to change the user to fit the product.</p>
<p dir="ltr">Good design is driven by empathy. Designers build deep understanding of user motivation and needs. They use observation and active listening to accurately represent the customer&#39;s viewpoint.</p>
<p dir="ltr">Good design is evidence-based and methodical. It&#39;s not about gut-feel. Effective designers use first-party or third-party data and observations in their research. They use proven practices for exploration, hypothesis validation, and usability studies. They employ questionnaires, user flows, wireframes, and prototypes as descriptive artifacts.</p>
<p dir="ltr">Good design is non-stop. Designers are leaders who work alongside software team members to define MVPs, prioritize stories, iterate on UI/API/service design, and relentlessly advocate for users. Good design takes a look at the overall ecosystem and ensures the solution has a positive impact on other systems. It constantly evaluates the total customer experience.</p>
<h2 dir="ltr">Scaling the Design Discipline</h2>
<p dir="ltr">How can you infuse the entire company with a design mentality? I&#39;d suggest you consider your staffing, your artifacts, and your commitment.</p>
<p dir="ltr">To truly adopt a design discipline and become customer-centric, you&#39;ll want to have senior leaders who embrace this journey. That might mean hiring new people to champion the change. You may have in-house staff ready to step up into design leadership roles. It&rsquo;s key to have those individuals learn how to speak in terms that the business understands and values. And your leaders must be committed to measuring the impact of design and defining the objectives and key results (<a href="https://en.wikipedia.org/wiki/OKR">OKRs</a>) that are aligned with the goals of the business. Either way, invest in people and training, as this is not just a title change for your business analysts or developers.</p>
<p>To improve adoption rates of any change within a company, you need a mechanism to scale. That may be in the form of design artifacts that people can easily learn from and use. One example? Design systems, sometimes referred to as style guides. Invest in a pattern library, shared set of style sheets, and other tools that make it easy for teams across the company to adopt a common look while avoiding duplication. Also consider centralizing artifacts such as research guidelines, or steps to conduct usability studies.</p>
<p dir="ltr">Finally, you need to broadcast your commitment. It means elevating design leaders to senior positions in the organization. It means using every opportunity to remind staff of accessibility needs and customer outcomes. It means making design an integral, required part of each software project and product. And it means communicating to everyone that you care about outcomes, not just features.</p>
<p>When you&#39;re good at design, you reduce risk. You have a better likelihood of shipping products and services that people actually want to pay for. The proof is there for the likes of Liberty Mutual and Shields Health Solutions. Pivotal has been at the forefront of <a href="https://pivotal.io/customers">helping enterprises design</a> useful software, and we can <a href="https://pivotal.io/labs">do it for you too</a>.</p>
https://content.pivotal.io/blog/digital-transformers-elevate-design
521544676
Tue, 07 May 2019 14:03:50 -0400
Richard Seroter
Scaling Success with Growth Boards
<p dir="ltr">Organizations launch digital transformation efforts for different reasons: They want to enable quick exploration of a new business area, have their product teams stay relevant in a fast-moving industry, or have energetic leaders that come from companies that work differently, etc. Whatever the motivation, companies typically start transformation efforts with a small lab or incubator effort&mdash;and those efforts are often extremely successful.</p>
<p dir="ltr">Ironically, one of the most common roadblocks to a successful large-scale digital transformation occurs only after this initial success&mdash;when the enterprise tries to scale it. While it&rsquo;s possible to launch a global effort to remake the entire organization according to lean and agile principles, it&rsquo;s also possible to scale the success of individual agile teams without a universal overhaul. Growth boards are a lightweight practice for scaling the engagement and lean governance necessary to allow broader agile efforts to thrive&mdash;while systematically managing uncertainty.</p>
<h3 dir="ltr" style="color: rgb(85, 85, 85); font-size: 22px; line-height: 30px; margin-bottom: 1em; font-family: Lato, sans-serif;"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjZGIyMzBmMzJkZDEucG5nJnZlcnNpb249MDAwMCZzaWc9NGYxOTcyMzM5MDk4MDViM2EyMmZmODA4Yjc2NTE2MTc%253D" style="width: 800px; height: 450px;" /></h3>
<h3 dir="ltr" style="color:#aaa;font-style:italic;"><i style="color: rgb(34, 34, 34); font-family: Arial, Helvetica, sans-serif; font-size: small;">&quot;The term growth board can refer both to the growth board members themselves - a group of leaders making decisions about work efforts - or to the meetings they run.&quot;&nbsp;</i></h3>
<h2 dir="ltr">Agile Teams Need Agile Governance</h2>
<p dir="ltr">One key aspect of initial transformation efforts is that they&rsquo;re typically championed by someone in senior leadership. That executive focus gives them three important advantages: They&rsquo;re staffed with employees who are already excited about working in a new way, provided resources to accomplish a specific goal, and (importantly) separated and protected from most of the typical controls the organization has in place&mdash;often with one-time exceptions or other unrepeatable processes.</p>
<p dir="ltr">Scaling that transformation success requires that the organization build in repeatable ways to manage and interact with agile teams&rsquo; new ways of working. Typical approaches for scaling transformation include replicating/enlarging the incubators or labs, and/or moving &ldquo;transformed&rdquo; staff back to other groups and using them as viral force-multipliers. Either way, the scaling process often results in diminished direct leadership engagement and brings agile teams directly into the purview of traditional control and governance processes. Even when the organization&rsquo;s mindset and culture are supportive of scaling, these governance processes can overwhelm the new ways of working and cause transformation to wither on the vine.</p>
<p dir="ltr">This is because agile teams need different things from their surrounding organization than traditional teams do. Instead of relying on the enterprise to know the right things to build, agile teams need the ability to learn what to build by failing fast. Instead of one-time customer interviews or a third-party market analysis, agile teams need a repeatable cycle of customer feedback from which they can learn. Instead of delivering to a fixed specification, agile teams need the ability to pivot or persevere as necessary to solve problems and deliver on business value.</p>
<p dir="ltr">The surrounding enterprise, however, has the same needs of agile teams that it has of traditional teams: Enterprise leadership needs to be able to plan for resource allocation and business return at a macro level. Practically, this means leadership needs the ability to control the cost, security risk, and maintenance of the software that individual teams deliver; it needs the ability to plan for staffing and other monetary outlays; it needs the ability to update investors and stakeholders throughout the year.</p>
<p dir="ltr">These enterprise needs aren&rsquo;t inherently in conflict with lean/agile ways of working, even though it might seem that way at first. But, the ways the enterprise achieves those needs do need to adapt. Modern software teams think about their work in a different way, and that requires a different approach to governance.</p>
<h2 dir="ltr">Growth Boards Give Enterprises Agile Control&mdash;and Scale Engagement</h2>
<p dir="ltr">In his 2017 book The Startup Way, Eric Ries discussed growth boards as a way for organizations to simulate startup incubators within an enterprise. According to Ries, these in-enterprise &ldquo;VC firms&rdquo; facilitate interactions between lean/agile teams and their surrounding environment. From the enterprise&rsquo;s perspective, the growth board ensures that all teams have a single point of accountability that validates learnings and controls funding on a frequent, small basis (called &lsquo;metered funding&rsquo;). From the team&rsquo;s perspective, the growth board runs interference with the rest of the organization and can provide assistance with organizational hurdles in addition to providing funding.</p>
<blockquote>
<p dir="ltr"><em>Growth Boards&hellip; </em></p>
<p dir="ltr"><em>&hellip; are a cross-functional team focused on delivering business value. </em></p>
<p dir="ltr"><em>&hellip; do use data to make transparent pivot-or-persevere decisions about approaches to delivering value. </em></p>
<p dir="ltr"><em>&hellip; enable and encourage top-down and bottom-up collaboration on problems. </em></p>
<p dir="ltr"><em>&hellip; are not a siloed management team focused on status updates. </em></p>
<p dir="ltr"><em>&hellip; do not give teams detailed requirements on solutions up front. </em></p>
<p dir="ltr"><em>&hellip; don&rsquo;t act as traditional top-down, command-and-control decision makers.</em></p>
</blockquote>
<p dir="ltr">Most of Pivotal&rsquo;s customers haven&rsquo;t fully implemented all of the recommendations described in The Startup Way, particularly <a href="https://www.scaledagileframework.com/guidance-applied-innovation-accounting-in-safe/">around innovation accounting</a>. But even without sweeping organizational changes, growth boards offer a powerful tool for facilitating transformation at scale and can help organizations:</p>
<ul>
<li dir="ltr">
<p dir="ltr">Make cross-functional, data-driven decisions to drive business value;</p>
</li>
<li dir="ltr">
<p dir="ltr">Enable technical decisions to be made by the teams doing the work while preserving strategic alignment with business goals;</p>
</li>
<li dir="ltr">
<p dir="ltr">Ensure they&rsquo;re succeeding (or failing) as quickly as possible, with the smallest possible amount of waste and risk.</p>
</li>
</ul>
<p dir="ltr">As Pivotal teams have worked with our customers to refine and tailor growth board practices, three key factors for success have emerged:</p>
<ul>
<li dir="ltr">
<p dir="ltr">The growth board should own a specific problem (or problem area) and understand how it aligns with top-level business objectives. For example, exploring opportunities in the &ldquo;buy online, pick up in store&rdquo; space as part of increasing sales by $30M for the fiscal year.</p>
</li>
<li dir="ltr">
<p dir="ltr">The board should be cross-functional, with all key stakeholders represented including leadership. For example, platform, information security, and accounting representation might be key for BOPIS concerns.</p>
</li>
<li dir="ltr">
<p dir="ltr">The growth board uses hypotheses, data, and learnings to ensure effort is continuously supportive of, and focused on, the growth board&rsquo;s business outcomes. For example, if quick initial feedback shows that most customers want to start the sales process online but complete in-store, efforts aimed at allowing mid-stream order handoff to in-store systems get prioritized over improving fully-online sales processes.</p>
</li>
</ul>
<p dir="ltr">It&rsquo;s likely that any enterprise will have multiple growth boards at multiple levels of the organization, focused on different business goals and operating for different lengths of time. For any individual growth board, the three practices above ensure that work within the board&rsquo;s problem space fails or succeeds as quickly as possible, maximizing the organization&rsquo;s learning while keeping leadership and employee engagement high. In this way, an enterprise can maintain control of multiple efforts without stifling autonomy.</p>
<p dir="ltr">Logistically, participating in a growth board requires leaders to think differently about their role. Rather than dictating solutions to the presenting teams, leaders present problems for the teams to solve, make decisions on general direction, and allow the teams to decide the specifics of how. Each leader on a growth board should commit to the following:</p>
<ul>
<li dir="ltr">
<p dir="ltr">Work collaboratively with teams to drive outcomes based on data. They should strive for honest conversation, commit to transparency, and be prepared to learn and work with their fellow board members.</p>
</li>
<li dir="ltr">
<p dir="ltr">The board should meet regularly enough that timely decisions can be made, but not so often that progress won&rsquo;t occur between meetings. This likely means at least quarterly, but not more than monthly, depending on the objective.</p>
</li>
<li dir="ltr">
<p dir="ltr">They must commit to attending in person rather than remotely or by sending representatives. This is crucial for maintaining engagement and focus.</p>
</li>
</ul>
<p dir="ltr">Teams presenting to the growth board should also think differently about their role in the conversation. Growth board meetings are opportunities for collaborative decision-making based on data, and all interactions should support those goals. This means that while growth board members do need to understand how a team&rsquo;s work fits into the broader enterprise picture and resources required, conversation must focus on the larger picture. The following information will be helpful:</p>
<ul>
<li dir="ltr">
<p dir="ltr">A reminder of how the initiative aligns with enterprise objectives.</p>
</li>
<li dir="ltr">
<p dir="ltr">A summary of outcomes and key learnings since the last meeting. This informs decisions, so should include all/only information relevant to the objectives. Crucially, the summary should include learnings from failure as well as success.</p>
</li>
<li dir="ltr">
<p dir="ltr">Any changes to expected cost and timeline based on those outcomes and learnings.</p>
</li>
<li dir="ltr">
<p dir="ltr">Finally, teams should be prepared with asks for the growth board&mdash;for example, the board may be able to provide input and context, decisions on funding or removing process roadblocks, etc.</p>
</li>
</ul>
<p dir="ltr">Focusing growth board sessions on hypotheses, outcomes, learnings, and needs&mdash;instead of status updates&mdash;is key to success. This movement away from traditional reporting practices to collaborative problem solving is what allows an organization to both give teams freedom to solve problems autonomously, and provide leadership and key stakeholders control over the solution space.</p>
<p dir="ltr">One special note: In the context of building a cloud-native platform capability, we always recommend that someone from the enterprise&rsquo;s platform organization sit on growth boards. <a href="https://content.pivotal.io/content-library/how-to-scale-devops-by-building-platform-teams">Dedicated teams focused on providing a single shared, self-service platform to product teams are crucial to digital transformation success</a>. Participating in growth boards gives the Platform organization a broad context of business objectives and team needs, and allows them to influence product direction and strategy. To continue with the BOPIS example from earlier, having Platform representation on the BOPIS board ensures that as soon as customer feedback about mid-stream order handoff is presented, the platform team understands those changing data requirements and can provide product teams with functionality and guidance.</p>
<h2 dir="ltr">Growth Boards and Cybersecurity: Accelerating Cross-functional Relationships</h2>
<p dir="ltr">I wrote about &ldquo;getting a little agile&rdquo; in enterprise security practices in a previous <a href="https://content.pivotal.io/blog/smarter-cybersecurity-strategies">article</a>, and growth boards are a perfect place to put that agility into practice.</p>
<p dir="ltr">Information Security and other control groups within an organization are important stakeholders in nearly every major decision a company makes, and have clear mandates to protect their enterprise from risk. This can lead to siloed, sometimes adversarial relationships between the conservative risk-reduction control groups and the experimental risk-exploring product development groups. The reality is that any enterprise needs to strike an intelligent balance between exploration and protection. Growth boards are an ideal place to forge a more collaborative relationship.</p>
<p dir="ltr">Including cyber security staff in the growth board process allows them to proactively identify and help address risks ahead of time, and includes them directly in any decisions to tolerate risk. This results in a smoother path to production for new code, without damaging the enterprise&rsquo;s risk decision process. Inclusion works at all of the different growth board levels of an organization:</p>
<ul>
<li dir="ltr">
<p dir="ltr">The Chief Security Officer should sit on your organization&rsquo;s executive-level growth board. When line of business leaders present new opportunities, the Chief Security Officer can identify systemic and/or market-based risks and work with the teams to mitigate them. This keeps the enterprise honest about potential costs, and paves the way for smoother interactions with the rest of the organization around success criteria.</p>
</li>
<li dir="ltr">
<p dir="ltr">At the line of business and portfolio levels, security leaders can provide more detailed inputs on issues like certification and accreditation requirements, or other security requirements necessary for success. These growth board members will understand how to build in security protections and guard rails from the ground up, and ensure the work gets done before final approval or deployment.</p>
</li>
<li dir="ltr">
<p dir="ltr">At the product level, security-knowledgeable growth board members ensure that best practices are followed and the correct collection of tests and pipeline safeguards are applied to keep the enterprise secure. They can also help proactively identify signs of failure or attack, so that operational resiliency is baked in from the ground up.</p>
</li>
</ul>
<p dir="ltr">Even for organizations that aren&rsquo;t fully adopting lean/agile doctrine, growth boards provide an excellent venue for organizations to transform their internal security processes and relationships from siloed safety gates into collaborative forces for business value. And while cyber security is near and dear to my own heart, the same is true for other control groups within the organization as well.</p>
<h2 dir="ltr">Getting Started</h2>
<p dir="ltr">Wherever your organization is in its digital transformation journey, growth boards are a key part of scaling your transformation success beyond the incubator phase. They offer a lightweight way of preserving and enhancing leadership engagement, maximizing conversations, and ensuring decisions are transparent and fully grounded in customer data.</p>
<p dir="ltr">By requiring and facilitating cross-functional decision making, growth boards ensure the organization finds repeatable solutions to key enterprise needs that are aligned with broader business strategy. In order to provide enterprises with the ability to achieve &ldquo;aligned autonomy&rdquo;, growth boards should be:</p>
<ul>
<li dir="ltr">
<p dir="ltr">Focused on a specific business goal or problem;</p>
</li>
<li dir="ltr">
<p dir="ltr">Cross-functional with all key stakeholders represented;</p>
</li>
<li dir="ltr">
<p dir="ltr">Rigorous in their use of hypotheses, data, and learnings to inform pivot-or-persevere decisions, and transparent about their process.</p>
</li>
</ul>
<p dir="ltr">These practices allow your growth boards to be a collaborative force, helping the whole organization quickly generate value&mdash;while breaking down silos along the way.</p>
<h3 dir="ltr">&nbsp;</h3>
https://content.pivotal.io/blog/scaling-success-with-growth-boards
521020453
Sun, 05 May 2019 17:01:28 -0400
Amy Herzog
5 Tips for Modernizing Your Legacy Application: Lessons Learned at Discover
<p dir="ltr">After spending about 18 months working hard at modernizing the data services Discover uses to access big, monolithic, systems of record, I have some advice for anybody just getting started on that journey: Expect to be surprised, both by the simplicity of things that might seem hard, as well as the difficulty of things that might seem like no-brainers. And expect things to change along the way.</p>
<p dir="ltr">But do get started right away. Any early legwork is well worth it in the end. Here&rsquo;s my experience in working with Pivotal to improve our application stack and data service architecture at Discover.</p>
<h2 dir="ltr">This Time, We Mean Business</h2>
<p dir="ltr">So there I was, in June 2017, sitting in the annual technology strategy meeting listening to my CIO and vice president of architecture talk about our application modernization journey. I figured it would be like previous conversations we have had. As a company, we have had great success building scalable, flexible, consumer-facing applications around the edges and then connecting them up to the plumbing of all our legacy stack. This year&rsquo;s message was different, though.</p>
<p dir="ltr">They were talking about going full stack and including the legacy platforms and applications in their journey to agile, CI/CD-based development. They were talking about building and deploying changes to production in 24 hours or less&mdash;not just for the skinny edge / web apps, but for core capabilities. It sounded great, if not a bit optimistic.</p>
<p dir="ltr">I knew we were serious, and I knew it was the right and necessary thing to do. However, as a domain architect for a suite of monolithic, back-office systems of record with an average age of 10-plus years and production release schedules that ranged from semi-annually to monthly, I did start to freak out just a little bit. Mostly, I just had difficulty imagining how we might achieve it.</p>
<p dir="ltr">After giving it some thought and consulting with my peers, we decided to focus on the integration layer in between the dynamic, flexible systems of engagement and the more monolithic systems of record. Specifically, we wanted to stand up a series of functionally aligned, cloud-native data services in that middle layer. By choosing the right abstraction and creating smaller, more flexible, cloud-native bits only loosely coupled to the monoliths, we could enable speed and agility in that layer <a href="https://content.pivotal.io/blog/should-that-be-a-microservice-part-6-simplify-interactions-with-external-dependencies-aka-the-fa%C3%A7ade-pattern">while insulating the back-end system</a> from the demands and strains of high-velocity change. But we could still adapt to enhancements and improvements in the systems of record themselves, exposing them to other business and developer stakeholders quickly and easily.</p>
<p dir="ltr">Our choice for this new layer: Java/Spring on Pivotal Cloud Foundry for our API logic, and Pivotal GemFire/Apache Geode for our data abstraction layer. Building the new bits turned out to be surprisingly easy. Most of the work focused on reverse-engineering the existing logic and data, and decomposing things in a logical but useful way.</p>
<p dir="ltr">We also ended up changing how we thought about application development, in general, and transforming the processes and procedures we used to create and deploy working software. Previously, we would add onto or enhance the existing thing, and force every change through every control gate, process step, and manual governance checkpoint. We had &ldquo;monolith&rdquo; baked into our approach, not just into our technology.</p>
<p dir="ltr">Fast forward to our current state. It&rsquo;s amazing how liberating it was when we switched to building small bits of new things that largely stood alone. And that could be changed and deployed very quickly because they were only loosely connected to the big, old monolith.</p>
<h2 dir="ltr">Successful Modernization Means Putting In The Effort</h2>
<p dir="ltr">As I look back on our efforts over the last year or so&mdash;and on an entire process that kicked off in earnest in June 2017&mdash;I realize that much of what I learned revolves around the mentality, process and approach rather than around the technology stack and tools. In that context, here are five lessons that stand out as particularly valuable for transforming how your developers work, not just your applications.</p>
<p dir="ltr">&nbsp;</p>
<h3 dir="ltr">1.&nbsp; Spend The Time Up Front So You Can Start On The Right Foot</h3>
<p dir="ltr">I was initially surprised by how long it seemed to take to set everything up; give everyone access; and, as teams, reach consensus on objectives, standards and processes. I wanted to jump right in. But, luckily, we had some Pivotal folks embedded in our group who insisted we follow the agile methodologies and started us out with a couple of onboarding sprints.&nbsp;&nbsp;</p>
<p dir="ltr">As I look back, that investment of time laid the groundwork for an amazing combination of speed and quality once we got going. And it helped break folks out of their old habits and ways of looking at things as long, slow, waterfall-type processes. We had trouble seeing the way things could be, until we stripped away the blinders we&rsquo;d always been wearing.</p>
<p dir="ltr">&nbsp;</p>
<h3 dir="ltr">2. Learn By Doing</h3>
<p dir="ltr">There&rsquo;s something truly liberating about wading into unfamiliar territory. You&rsquo;re forced to be open-minded, curious, flexible and collaborative, always asking yourself, &ldquo;Is there a better way to do this that maybe I don&rsquo;t&rsquo; know about?&rdquo; And as we continuously learned new things, we immediately shared them with the team.</p>
<p dir="ltr">Waiting for someone else to pre-solve all our problems&mdash;and then give us mature solutions and patterns with clear and unambiguous instructions&mdash;was precisely what had been slowing us down and reducing innovation.</p>
<p dir="ltr">Because we were using tools and platforms (PCF and GemFire) that were new to our operations groups, as well, this really became an interesting exercise. We had to align work and priorities with them so that we could both be more successful. I knew it was working when I was invited to their agile ceremonies almost as de facto product owner. It meant that instead of them deciding what I needed and waiting until they were ready to deliver it to me, they were listening to what I needed and setting their priorities and schedules around helping add value more quickly.</p>
<p dir="ltr">&nbsp;</p>
<h3 dir="ltr">3. Deliver Something, and Then Rework It As Needed</h3>
<p dir="ltr">This approach is definitely easier and better than trying to make everything &ldquo;perfect&rdquo; on day one. This flows from the &ldquo;definition of done&rdquo; that the teams agree to in the boarding phases. I quickly realized that most of the resistance to deploying something less than fully perfect came from the team&rsquo;s &ldquo;legacy&rdquo; understanding of implementing changes, which was sometimes viewed as time-consuming, uncomfortable, and carrying the potential to trip over long-buried technical debt.</p>
<p dir="ltr">However, using a platform like PCF along with our CI/CD pipelines made the refactoring so easy that we were actually able to embrace the concept of continuous delivery. Here&rsquo;s a great example: As we iterated with the platform team, the processes for deploying our APIs to production evolved. What started out as an hours-long process with multiple manual steps and hand-offs between groups ended up as an automated pipeline with minimal intervention, that only took minutes.</p>
<p dir="ltr">When a bit of old code that we hadn&rsquo;t touched for a while broke, we realized our deployment pipeline for that bit didn&rsquo;t work anymore. Our initial reaction was to ask the platform team for an exception so that we could get in our production fix quickly&mdash;because in our traditional approach, changing how we&rsquo;d deploy an application to production would take days or weeks. These days, we are able to spend just an hour or two refactoring our pipeline job and get the fix installed the right way that same day.</p>
<p dir="ltr">&nbsp;</p>
<h3 dir="ltr">4. Keep Your Head Up and Adapt</h3>
<p dir="ltr">Once we got into the process of working through our feature backlog, we realized that the ones we thought would be the most valuable sometimes were not. As we adapted to other work in flight and the demands of the consumers of our data services, we dropped some things, started on other things instead, and didn&rsquo;t let that bother us. The result is consumers banging down the door asking to consume our new APIs.</p>
<p dir="ltr">&nbsp;</p>
<h3 dir="ltr">5. Backward-Compatibility Comes At A Cost</h3>
<p dir="ltr">After trying to make our first new API plug invisibly into one of the biggest of our legacy, monolithic data services behind the scenes, we realized it didn&rsquo;t go so well. We ended up just tripping over tons of unsurfaced technical debt in the legacy service and eliminating newly exposed bugs for months after the install. From that point on, we committed to building out the new, more real-time capabilities only in the new bits and then requiring consumers to switch to the new bits if they wanted the new capabilities.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Full Speed Ahead In 2019</h2>
<p dir="ltr">It&rsquo;s amazing how far we&rsquo;ve come in just 18 months, and how easy it was for our monolithic application developers to learn new things. Not only are they comfortable working with our PCF-based stack, but they have also become both experts and advocates for that transformation.</p>
<p dir="ltr">I can&rsquo;t wait to see what will happen in 2019, as we move further away from batch processes and into real-time processing, and as we successfully serve an ever-growing list of consumers for our modern data services.</p>
<div>&nbsp;</div>
https://content.pivotal.io/blog/5-tips-for-modernizing-your-legacy-application-lessons-learned-at-discover
515547277
Mon, 15 Apr 2019 15:18:32 -0400
Victor Hansen
PCF 2.5 Strengthens Istio and Envoy Integration, Brings Weighted Routing and Multi-Port Support
<p dir="ltr">The routing layer in <a href="https://pivotal.io/platform/pivotal-application-service">Pivotal&rsquo;s Application Service</a> (PAS) is an underappreciated piece of the platform. After all, it&rsquo;s responsible for all the traffic to and from your applications. At first, the routing tier did the basics: matching headers and passing along requests. As time went on, it improved. The router was rewritten in Go, becoming the &quot;<a href="https://github.com/cloudfoundry/gorouter" target="_parent">Gorouter</a>&quot;, largely for performance gains. A TCP router was added for non-HTTP(S) traffic. The team built websocket support. Piece-by-piece, routing in Cloud Foundry became more secure and <a href="https://www.cloudfoundry.org/blog/routing-performance-enhancements/" target="_blank">highly scalable</a>.</p>
<p dir="ltr">Lately, though, routing has experienced a revival, something more than just a steady flow of enhancements.</p>
<p dir="ltr">This reawakening is thanks to deeper integration with <a href="https://istio.io/" target="_blank">Istio</a> and <a href="https://www.envoyproxy.io/" target="_blank">Envoy</a>. As my colleague Jared Ruckle <a href="https://content.pivotal.io/blog/happy-birthday-istio-a-closer-look-at-how-pivotal-is-embedding-the-service-mesh-to-cloud-foundry-kubernetes-and-knative">described</a>, we laid out plans for four major enhancements to the Cloud Foundry routing tier:</p>
<ol>
<li dir="ltr">
<p dir="ltr">Mutual TLS between the Gorouter and application instances</p>
</li>
<li dir="ltr">
<p dir="ltr">Enhanced ingress routing</p>
</li>
<li dir="ltr">
<p dir="ltr">Enhanced app-to-app routing and load balancing</p>
</li>
<li dir="ltr">
<p dir="ltr">Deeper application security policies</p>
</li>
</ol>
<p dir="ltr">PAS 2.1 brought us <a href="https://docs.pivotal.io/pivotalcf/2-1/pcf-release-notes/runtime-rn.html#route-consistency">TLS integration</a> between router and application. This helped increase security by <a href="https://content.pivotal.io/blog/worried-about-header-spoofing-and-compromised-networks-fight-back-with-tls-in-pivotal-cloud-foundry">ensuring every application&#39;s identity</a> as well as encrypting communication between router and application, marking PAS&rsquo;s first integration with Envoy. PAS 2.3 and 2.4 made this the expected behavior, emphasizing Pivotal&#39;s commitment to a platform that&#39;s <a href="https://content.pivotal.io/blog/runc-vulnerability-secure-by-default-platform">secure by default</a>.</p>
<p dir="ltr">With mTLS checked off the to-do list, PAS 2.5 brings us to point number two: enhanced ingress traffic. By this, we mean how your traffic gets routed through the layers of Cloud Foundry and to your application. While the guts of the router have improved, the developer couldn&rsquo;t necessarily benefit directly from this work. That changes in PAS 2.5.</p>
<p dir="ltr">Now developers can enjoy weighted routing (a beta feature) and multi-port support for their apps.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Better Control Over Your Traffic With Weighted Routing</h2>
<p>There&rsquo;s more to deploying software than just pushing code and calling it a day. <a href="https://docs.pivotal.io/pivotalcf/2-4/devguide/deploy-apps/blue-green.html">Blue/Green</a> deployments, <a href="https://content.pivotal.io/blog/all-things-pivotal-podcast-a-b-testing-using-pivotal-cloud-foundry">A/B testing</a>, and gradual rollouts are increasingly popular, and for good reason.</p>
<p dir="ltr">No one likes it when deployments go wrong. But we&rsquo;re human, so mistakes happen, especially when you ship code daily. The question is: what are your options when something does go wrong? Can we easily get back to a version that we know works? PAS has always had an answer for this scenario. But with weighted routing, these techniques become much easier to implement.</p>
<p dir="ltr">Previously, if you wanted to route traffic to two versions of an application, the solution was to map the same route to each. If you wanted to split traffic unevenly, say 90% to version 1 and 10% to version 2, you would need to manually adjust the number of app instances. For every instance of version 2, you would need 9 instances of version 1 running. In some cases, this meant you might be running more instances than you actually needed. In PAS 2.5, each route mapping now has its own weight. When you map a route to an application, you tell the platform how much traffic that application should receive relative to the other app. This is possible largely thanks to Istio and the real-time flexibility it provides over routing traffic. Currently, the Istio-backed routing tier runs alongside the current routing tier and is offered as a separate domain inside of PAS. Over time, though, these will merge and become one.</p>
<p dir="ltr">Consider a more concrete example. Let&rsquo;s say we want to deploy a new version of our backend service, version 2, with some new features. This service handles a large number of requests and as such, we want to make sure it remains online and performant during the deployment. As usual, we&#39;ll deploy this independently of version 1, the current version running in production. (This move ensures that v2 is up and running as expected.) Before, we would either cut over to version 2 completely and all at once. Or, we would map our production route to both versions using several manual steps. Now, with weighted routes, we have a new option. We can gradually shift traffic from version 1 to version 2 by adjusting both of their route mapping weights.</p>
<p dir="ltr">We can add some numbers to this scenario to illustrate the concept. We&rsquo;ve already deployed two versions of our application, <code>my-app-1</code> and <code>my-app-2</code>, and mapped the same route, <code>my-app.example.com</code>, to both. We&#39;ll start by giving the mapping for version 1 a weight of 9 and version 2 a weight of 1. Now, 90% of the traffic to this service goes to version 1, and 10% to version 2. We can specify this weighting directly through the PAS API.</p>
<div dir="ltr" style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>cf curl /v3/route_mappings/$(cf curl /v3/apps/$(cf app my-app-1 --guid)/route_mappings | jq -r &#39;.resources[1].guid&#39;) -X PATCH -d &#39;{&quot;weight&quot;: 9}&#39;</code></div>
<p dir="ltr">There are a few things going on with this command. We can see that inline with the <code>cf curl</code> command, we&rsquo;re pulling the GUID of the route mapping to v1 of our application. Specifically, we&rsquo;re interested in the route <em><strong>mapping</strong></em>, the relationship between application and route. We update the configuration of this mapping, setting the &ldquo;weight&rdquo; value to &ldquo;9.&rdquo; We can observe, measure, and collect metrics from version 2, ensuring it&#39;s behaving as expected without sending too much traffic to our new version just yet.</p>
<div dir="ltr" style="background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px; text-align: center;"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYTI3NGVmOGVhYjIucG5nJnZlcnNpb249MDAwMCZzaWc9ZDUzMTY3YmM0NWQ4NjMwZTAzOWRmZDI3NjU3YzJlN2Q%253D" /></div>
<p dir="ltr" style="text-align: center;"><sub><em>We start by sending a small amount of traffic to version two.</em></sub></p>
<p dir="ltr">If everything goes well, we can proceed to give both routes a weight of 5 and split traffic evenly. We can observe how our new version performs under a greater load. Further, we&rsquo;ll continue to shift these weights to give version 2 a majority of traffic. If there&rsquo;s a hiccup or something doesn&rsquo;t go as expected, we can swap these weights back to instantly revert these changes.</p>
<div dir="ltr" style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>cf curl /v3/route_mappings/$(cf curl /v3/apps/$(cf app my-app-2 --guid)/route_mappings | jq -r &#39;.resources[1].guid&#39;) -X PATCH -d &#39;{&quot;weight&quot;: 9}&#39;</code></div>
<hr />
<div dir="ltr" style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>cf curl /v3/route_mappings/$(cf curl /v3/apps/$(cf app my-app-1 --guid)/route_mappings | jq -r &#39;.resources[1].guid&#39;) -X PATCH -d &#39;{&quot;weight&quot;: 1}&#39;</code></div>
<hr />
<div dir="ltr" style="background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px; text-align: center;"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYTI3NTE2OWYzZjEucG5nJnZlcnNpb249MDAwMCZzaWc9MjhkNTk0ZjAzMGIyOTg4NWFkMjc5MTk3NmJmNzU5NzA%253D" /></div>
<p dir="ltr" style="text-align: center;"><sub><em>We can gradually shift weights on route mappings, slowly introducing more and more traffic to v2 of our application.</em></sub></p>
<p>Finally, once we&rsquo;re happy with how v2 is performing, we can stop v1. Now v2 is handling 100% of the traffic. You can see how this opens up a more natural path to advanced deployment techniques. Blue/green deployments, canary deployments, and A/B testing are all much easier to achieve with this new feature.</p>
<p>&nbsp;</p>
<h2 dir="ltr">More Ports? No Problem. Introducing Multi-Port Support!</h2>
<p>Most applications only listen on a single port. But what about the use case where our application might listen on multiple ports? What if we have a management interface or a metrics endpoint that we don&#39;t want users even reaching? That brings us to the other big routing feature of PAS 2.5: multi-port support!</p>
<p dir="ltr">Let&#39;s use the most popular case:&nbsp;<a href="https://spring.io/guides/gs/actuator-service/">Spring Boot Actuator</a>. This project gives developers and operators wonderful insight into the health of running Spring applications. From health checks to metrics to thread dumps, it&#39;s an awesome way to track the health of your application. By default, Actuator runs on the same port as your application, all prefixed by the path &#39;/actuator&#39;. Features can be turned on and off as needed, but even then this is a lot to expose on a public application. Lucky for us, Spring Boot allows us to configure Actuator to run on a separate port by adding an additional line to our application&rsquo;s configuration.</p>
<div dir="ltr" style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>management.server.port = 8081</code></div>
<p>We can deploy our application as normal; it will start as expected. PAS will provide it a port to listen on. Our app will serve traffic as normal, using the route that we gave it when we pushed it. So far, so good!&nbsp;&nbsp;</p>
<p dir="ltr">From here, we need to tell PAS that our application has additional ports that it&rsquo;s listening on. We can use a <code>cf curl</code> command.</p>
<div dir="ltr" style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>cf curl /v2/apps/$(cf app my-app --guid) -X PUT -d &#39;{&quot;ports&quot;: [8080, 8081]}&#39;</code></div>
<p>NOTE: We&rsquo;ve embedded a cf CLI command inside our <code>cf curl</code> command by including <code>cf app my-app --guid</code>. All this does is return the unique identifier for our application named &ldquo;my-app&rdquo;, which we need to make the API call.</p>
<p dir="ltr">Finally, we have to create a second route for the additional port and then bind it to the app. We&rsquo;ll need to specify which port it should send traffic to.</p>
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>cf create-route dev apps.example.com --hostname actuator</code></div>
<hr />
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;">
<p><code>cf curl /v2/route_mappings -X POST -d &quot;{\&quot;app_guid\&quot;: \&quot;$(cf app my-app --guid)\&quot;, \&quot;route_guid\&quot;: \&quot;$(cf curl &#39;/v2/routes?q=host:actuator&#39; | jq -r &#39;.resources[0].metadata.guid&#39;)\&quot;, \&quot;app_port\&quot;: 8081}&quot;</code></p>
</div>
<p dir="ltr">Again, we&rsquo;ve embedded quite a few subcommands in the <code>cf curl</code> command to make it a one-liner. Let&rsquo;s look at what this might look like once the various identifiers are looked up:</p>
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>cf curl /v2/route_mappings -X POST -d &#39;{&quot;app_guid&quot;: &quot;00000-00000-00000-00000-00000&quot;, &quot;route_guid&quot;: &quot;11111-11111-11111-11111-11111&quot;, &quot;app_port&quot;: 8081}&#39;</code></div>
<p dir="ltr">That&rsquo;s easier to read. We looked up the GUIDs for both our application and our newly created route, then created a new mapping between the two, specifying the port. Despite being served by the same application, our application traffic is served at <code>my-app.apps.example.com</code> and Actuator traffic is served at <code>actuator.apps.example.com</code>. This setup grants us greater control over how traffic is served between the two.</p>
<div dir="ltr" style="background: rgb(238, 238, 238); border: 1px solid rgb(204, 204, 204); padding: 5px 10px; text-align: center;"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYTI3NTg2MmYxOTEucG5nJnZlcnNpb249MDAwMCZzaWc9OWUwYzQ4OGMyZjVhYWJkMjcxZjQ1ZGJmOWU1ZTM5ZWQ%253D" /></div>
<p style="text-align: center;"><sub><em>Our application serving traffic on two ports.</em></sub></p>
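<p dir="ltr">The weighted-routing and multi-port one-liners above pass whatever the nested lookups return straight into the next API call, including jq&rsquo;s <code>null</code> when a mapping index or route does not exist. The script below is an added example, not code from the original post or from Pivotal: it wraps the same <code>cf curl</code> calls in functions that fail closed on a bad GUID, weight, hostname or port, and steps through the 9:1, 5:5, 1:9 shift with a rollback. It assumes a logged-in cf CLI and jq; every function name and the health-check hook are hypothetical.</p>

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes a logged-in cf CLI
# and jq on PATH; all function names are hypothetical.

MAPPING_INDEX=${MAPPING_INDEX:-1}   # the post reads .resources[1]

# Accept only positive integers, so nothing else reaches a JSON body.
is_pos_int() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
}

# Print $1 only if it looks like a GUID. jq prints "null" when the index or
# route does not exist, and the post's one-liners would pass that on.
require_guid() {
  case "$1" in
    ''|*[!0-9a-fA-F-]*) echo "lookup failed: got '$1'" >&2; return 1 ;;
  esac
  printf '%s\n' "$1"
}

# Share of traffic (percent) for a mapping with weight $1 next to weight $2.
share_pct() {
  is_pos_int "$1" && is_pos_int "$2" || return 1
  echo $(( $1 * 100 / ($1 + $2) ))
}

# GUID of app $1's route mapping at MAPPING_INDEX.
mapping_guid() (
  case "$MAPPING_INDEX" in ''|*[!0-9]*) echo "bad index" >&2; exit 1 ;; esac
  app_guid=$(require_guid "$(cf app "$1" --guid)") || exit 1
  require_guid "$(cf curl "/v3/apps/$app_guid/route_mappings" |
    jq -r ".resources[$MAPPING_INDEX].guid")"
)

# PATCH the weight of app $1's mapping to $2.
set_weight() (
  is_pos_int "$2" || { echo "bad weight: '$2'" >&2; exit 1; }
  guid=$(mapping_guid "$1") || exit 1
  cf curl "/v3/route_mappings/$guid" -X PATCH -d "{\"weight\": $2}"
)

# Shift traffic from app $1 to app $2 in the post's stages (9:1, 5:5, 1:9).
# $3 names a health-check command run after each stage; if it fails, the
# weights go back to 9:1 and the function exits with status 2.
shift_traffic() (
  old=$1 new=$2 check=$3
  for stage in "9 1" "5 5" "1 9"; do
    set -- $stage
    set_weight "$old" "$1" >/dev/null || exit 1
    set_weight "$new" "$2" >/dev/null || exit 1
    if ! "$check" "$new"; then
      set_weight "$old" 9 >/dev/null
      set_weight "$new" 1 >/dev/null
      echo "rolled back at $1:$2"
      exit 2
    fi
  done
  echo "complete"
)

# Map the existing route with hostname $2 to app $1 on port $3.
map_port() (
  case "$2" in ''|*[!a-zA-Z0-9-]*) echo "bad hostname: '$2'" >&2; exit 1 ;; esac
  is_pos_int "$3" && [ "$3" -le 65535 ] || { echo "bad port: '$3'" >&2; exit 1; }
  app_guid=$(require_guid "$(cf app "$1" --guid)") || exit 1
  route_guid=$(require_guid "$(cf curl "/v2/routes?q=host:$2" |
    jq -r '.resources[0].metadata.guid')") || exit 1
  cf curl /v2/route_mappings -X POST \
    -d "{\"app_guid\": \"$app_guid\", \"route_guid\": \"$route_guid\", \"app_port\": $3}"
)

# Usage: ./shift.sh my-app-1 my-app-2 ./healthcheck.sh
if [ "$#" -eq 3 ]; then shift_traffic "$@"; fi
```

<p dir="ltr">A separate route only separates the hostname: any client that can reach <code>apps.example.com</code> can also reach <code>actuator.apps.example.com</code>, so keep the set of exposed Actuator endpoints small and require authentication on them.</p>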
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Try Pivotal Cloud Foundry 2.5 Now!</h2>
<p>As these features improve, we&rsquo;ll see them integrated into the cf CLI. More important, though, is how the new Cloud Foundry routing tier continues to make your life easier with Istio and Envoy. There&rsquo;s still plenty planned to further this integration. Follow <a href="https://twitter.com/pivotal" target="_blank">@Pivotal</a> and keep an eye out for these features in future releases!</p>
<p>Of course there is a lot more packed in the 2.5 release of PAS and Pivotal Cloud Foundry. Make sure to check out the <a href="https://docs.pivotal.io/pivotalcf/2-5/pcf-release-notes/index.html">2.5 release notes</a> for a full list of features. Even better, why not kick the tires a bit? Sign up for a free <a href="https://run.pivotal.io/?utm_source=blog&amp;utm_medium=blog&amp;utm_campaign=blog">Pivotal Web Services</a> trial and try PCF yourself!</p>
https://content.pivotal.io/blog/pivotal-cloud-foundry-2-5-istio-envoy-integration-weighted-routing-multi-port
511844743
Tue, 02 Apr 2019 08:55:00 -0400
Brian McClain
Any App, Every Cloud, One Platform: Delivering on Pivotal’s Vision
<p dir="ltr" style="text-align: center;"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYzllY2FjYTQwNTUucG5nJnZlcnNpb249MDAwMCZzaWc9NTgyMjViOWU4ZGY5YmZjNWNmNDQ0YjkwYmVmN2Y0ZmQ%253D" /></p>
<p dir="ltr"><a href="https://pivotal.io/platform">Pivotal Cloud Foundry</a> (PCF) recently turned five years old. In celebration, I&rsquo;d like to reflect on how far the platform has come, and provide a look at our plans for the months and years ahead.</p>
<p dir="ltr">Our vision is to make it easy for you to run and manage any app, across every cloud, on one platform. To realize our vision, we are constantly innovating, curating, and integrating the best of open source, and empowering you to build the right software.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Constantly Innovating</h2>
<p>Since launching PCF in November of 2013, we&rsquo;ve made significant underlying changes and added exciting new capabilities. We added things like TCP routing, persistent storage with NFS and SMB, and industry-leading support for Windows workloads. We swapped out orchestrators (DEA for Diego); changed container runtimes twice (Warden to runc to containerd); and evolved the networking stack with things like CNI, Istio, and Envoy&mdash;bringing service mesh features to the platform. We did all this while listening to your needs and bringing you along on the journey, without ever breaking the user experience or requiring a complete rebuild of the environment.</p>
<p dir="ltr">One of your biggest needs was an enterprise-grade Kubernetes. While we continued to expand the types of apps that run on <a href="https://pivotal.io/platform/pivotal-application-service">Pivotal Application Service</a> (PAS), we partnered with VMware to bring <a href="https://pivotal.io/platform/pivotal-container-service">Pivotal Container Service (PKS)</a> to market in 2017. We&rsquo;re now a major contributor to Kubernetes itself.</p>
<p>Even as Kubernetes demand increased, the need for higher-level developer abstractions grew. You asked about elastic, composable functions that help you quickly deliver event-driven apps. We unveiled <a href="https://projectriff.io/">Project riff</a> in December 2017 to deliver a functions runtime that runs anywhere, &nbsp;partnered with Google to deliver the Knative project, and announced the upcoming <a href="https://pivotal.io/platform/pivotal-function-service">Pivotal Function Service (PFS)</a>. PCF brings these three runtimes together into one platform that runs everywhere.</p>
<p dir="ltr">I&rsquo;m excited about what&rsquo;s next. You&rsquo;ll see more modularization so you can run our components anywhere, while still having the option for a best-in-class integrated platform. Here are a few things we&rsquo;re working on:</p>
<ul>
<li dir="ltr">
<p dir="ltr">Multi-cloud and multi-site services. With PCF 2.5, you can view and manage apps across locations. We&rsquo;re working on additional functionality for deploying, connecting, and managing apps and services across environments. Pivotal makes public cloud better, and we&rsquo;re leading the way on delivering a multi-cloud platform that works.</p>
</li>
<li dir="ltr">
<p dir="ltr">Cloud Native Buildpacks and a build service. We&rsquo;re innovating to give you a simple, fast, secure way to package software, anywhere. One of the best parts of Cloud Foundry&mdash;our securely built and fully supported Java stack&mdash;is that it will run everywhere, including your Kubernetes environment.</p>
</li>
<li dir="ltr">
<p dir="ltr">Cloud-native .NET and Windows. With PAS for Windows and the upcoming PKS Windows, we&rsquo;re offering a compelling platform for new and existing .NET apps. Envoy and Istio-powered routing is under development. And with PAS, you can go fast with apps written in any language, running on Windows or Linux.</p>
</li>
<li dir="ltr">
<p dir="ltr">General availability of PFS. Pivotal engineers are working on making Pivotal Function Service a best-in-class runtime for function workloads.</p>
</li>
</ul>
<p dir="ltr">We&rsquo;re also bringing Kubernetes into more parts of PCF; working with IBM and others on the Eirini project to make Kubernetes an option for PAS; bringing service mesh capabilities to the entire platform; and exploring new ways to automate the installation, delivery, and management of all parts of PCF. And while doing all this platform work, we&rsquo;re also increasing our investment in OSS like Spring, Steeltoe, Concourse, Spinnaker, Cloud Foundry, Kubernetes, Knative, RabbitMQ, PostgreSQL, Apache Geode, and Greenplum.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Curating and Integrating Open Source</h2>
<p>We&rsquo;re building some amazing new capabilities. In tandem, we&rsquo;re constantly upgrading the open source pieces that underpin our technology.</p>
<p>Our raison d&#39;&ecirc;tre is to wrangle open source complexity so you don&rsquo;t have to. We curate and integrate the best of open source, contribute to help it mature, and bake it into our tested, enterprise-grade platform. We insulate you from the complex parts of open source while serving up all the innovative goodness so you can rapidly build the right software. That&rsquo;s what we&rsquo;ve always done, and that&rsquo;s what we&rsquo;ll keep doing.</p>
<p>What can you expect next? Advanced network and service mesh capabilities. Istio is beta in PAS with <a href="https://content.pivotal.io/blog/pivotal-cloud-foundry-2-5-istio-envoy-integration-weighted-routing-multi-port">weighted routing</a> as an exposed feature. We&rsquo;re also in-progress with sidecar support for PAS, and Istio for PKS ingress. Our networking expertise&mdash;not to mention our partnership with VMware&mdash;is also helping us craft an exciting plan for connecting all your software together.</p>
<p>&nbsp;</p>
<h2 dir="ltr">Empowering Organizations to Build the Right Software</h2>
<p>At Pivotal, we don&rsquo;t stop with our software. We know the innovation we pour into PCF doesn&rsquo;t matter if we don&rsquo;t help you build the right software. And that&rsquo;s what&rsquo;s so unique about Pivotal: our one-two punch of best-in-class software and <a href="https://pivotal.io/labs">services</a> helps organizations compete and grow by giving them the technology they need not just to build and operate applications at scale, securely, on any cloud, but also to foster a culture that is optimized for continuous speed, learning, and productivity. That gets apps into production faster, leads to more customer feedback, accelerates iteration, and leads to killer software.</p>
<p>As you can see, we&rsquo;re investing heavily in PAS, PKS, and PFS. All three bring you immense value. Over time, we will deliver an integrated platform experience for every type of workload you can imagine.</p>
<p dir="ltr">I hope you&rsquo;ll join us for the ride. It&rsquo;s going to be fun.</p>
<div>&nbsp;</div>
https://content.pivotal.io/blog/any-app-every-cloud-one-platform-delivering-on-pivotal-s-vision
519684799
Tue, 30 Apr 2019 18:29:57 -0400
Onsi Fakhouri
Cloud Native Buildpacks: an Industry-Standard Build Process for Kubernetes and Beyond.
<h3 dir="ltr">Cloud Native Buildpacks Unlock Developer Productivity</h3>
<p dir="ltr">If you want to make your developers more productive with Kubernetes, you&rsquo;re going to want to look at <a href="https://buildpacks.io/">Cloud Native Buildpacks</a>.</p>
<p dir="ltr">Cloud Native Buildpacks evolve a concept first pioneered by <a href="https://pivotal.io/">Pivotal</a> and <a href="https://www.heroku.com/">Heroku</a>. The big idea behind buildpacks? Building containers from source code should be completely automated.</p>
<center>
<blockquote class="twitter-tweet" data-lang="en">
<p dir="ltr" lang="en">[NEWS] <a href="https://twitter.com/CloudNativeFdn?ref_src=twsrc%5Etfw">@CloudNativeFdn</a> to Host <a href="https://twitter.com/hashtag/CloudNativeBuildpacks?src=hash&amp;ref_src=twsrc%5Etfw">#CloudNativeBuildpacks</a> in the Sandbox 🎉 <a href="https://t.co/aqHQqY5PMM">https://t.co/aqHQqY5PMM</a> <a href="https://t.co/AwQvDF7714">pic.twitter.com/AwQvDF7714</a></p>
&mdash; CNCF (@CloudNativeFdn) <a href="https://twitter.com/CloudNativeFdn/status/1047509105508868096?ref_src=twsrc%5Etfw">October 3, 2018</a></blockquote>
</center>
<p>Why fiddle with containers built by hand, when you can just push your code and have the buildpack create the container for you? This way, you don&rsquo;t have to sweat the runtime dependencies. And it&rsquo;s push-button easy to update your container later. Just push your code, and buildpacks do the rest.</p>
<p dir="ltr">There&rsquo;s an operational and security benefit too. Buildpacks build apps in a consistent, repeatable way. This consistency makes it easy to audit and control what&rsquo;s running on your platform at any given time. You can assess your risk from a given CVE quickly, and remediate a patch moments later.</p>
<p dir="ltr">That&rsquo;s why buildpacks are so popular with high-velocity development teams. Buildpacks transform application source code into a portable artifact that can run on <a href="https://pivotal.io/platform/pivotal-application-service">Pivotal Application Service</a>, or the open-source <a href="https://www.cloudfoundry.org/application-runtime/">Cloud Foundry Application Runtime</a>.&nbsp;Since their&nbsp;<a data-saferedirecturl="https://www.google.com/url?q=https://urldefense.proofpoint.com/v2/url?u%3Dhttps-3A__blog.heroku.com_buildpacks%26d%3DDwMFaQ%26c%3Dlnl9vOaLMzsy2niBC8-h_K-7QJuNJEsFrzdndhuJ3Sw%26r%3DvHjQyIWfYgL7j0k9boZf2VjXiwHlGWHS2xsetU-wMhI%26m%3DZooTFfaeRKeES11N4N-hXYPb4FOOX2ld1P7tw6eXKYs%26s%3DuySD9_jCIDyIVVX5GK7FrjXikdqpg5bSlZ_xSmFbWz4%26e%3D&amp;source=gmail&amp;ust=1554378940534000&amp;usg=AFQjCNF6LWlu0m70eBrGdkWcCgXKOM3oxQ" href="https://urldefense.proofpoint.com/v2/url?u=https-3A__blog.heroku.com_buildpacks&amp;d=DwMFaQ&amp;c=lnl9vOaLMzsy2niBC8-h_K-7QJuNJEsFrzdndhuJ3Sw&amp;r=vHjQyIWfYgL7j0k9boZf2VjXiwHlGWHS2xsetU-wMhI&amp;m=ZooTFfaeRKeES11N4N-hXYPb4FOOX2ld1P7tw6eXKYs&amp;s=uySD9_jCIDyIVVX5GK7FrjXikdqpg5bSlZ_xSmFbWz4&amp;e=" target="_blank">introduction</a>,&nbsp;<a data-saferedirecturl="https://www.google.com/url?q=https://urldefense.proofpoint.com/v2/url?u%3Dhttps-3A__www.heroku.com_%26d%3DDwMFaQ%26c%3Dlnl9vOaLMzsy2niBC8-h_K-7QJuNJEsFrzdndhuJ3Sw%26r%3DvHjQyIWfYgL7j0k9boZf2VjXiwHlGWHS2xsetU-wMhI%26m%3DZooTFfaeRKeES11N4N-hXYPb4FOOX2ld1P7tw6eXKYs%26s%3DKR8dJsuzDFrgpUgKrYUWoWHHBv7KwwbE9tRGjdchW6c%26e%3D&amp;source=gmail&amp;ust=1554378940534000&amp;usg=AFQjCNFYvtU6O5vG4YrhD24Ff2uPah9BTw" href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.heroku.com_&amp;d=DwMFaQ&amp;c=lnl9vOaLMzsy2niBC8-h_K-7QJuNJEsFrzdndhuJ3Sw&amp;r=vHjQyIWfYgL7j0k9boZf2VjXiwHlGWHS2xsetU-wMhI&amp;m=ZooTFfaeRKeES11N4N-hXYPb4FOOX2ld1P7tw6eXKYs&amp;s=KR8dJsuzDFrgpUgKrYUWoWHHBv7KwwbE9tRGjdchW6c&amp;e=" target="_blank">Heroku</a>&nbsp;<wbr />users have benefitted from 
the simplicity, usability, and flexibility of&nbsp;buildpacks&nbsp;across millions of production apps.</p>
<p dir="ltr">We want as many developers as possible to benefit from buildpacks. To this end, we teamed up with Heroku to create <a href="https://content.pivotal.io/blog/peace-of-mind-for-developers-and-operators-buildpacks-is-now-a-cncf-project-welcome-cloud-native-buildpacks">Cloud Native Buildpacks</a>.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Cloud Native Buildpacks bring the power of buildpacks to Kubernetes</h2>
<p dir="ltr">The project aims to deliver a consistent platform-to-buildpack contract for use in more places. The interface defined by this contract is informed by learnings from maintaining production-grade buildpacks for years at both Pivotal and Heroku.</p>
<p dir="ltr">Today, the Cloud Native Buildpacks project is open for test/dev scenarios. The Cloud Foundry Buildpacks team <a href="https://hub.docker.com/r/cloudfoundry/cnb">has also released</a> a selection of next-gen Cloud Foundry buildpacks compatible with the new project. With this release you can try buildpacks out on <a href="https://pivotal.io/platform/pivotal-container-service">Pivotal Container Service</a> (PKS) and <a href="https://pivotal.io/platform/pivotal-application-service">Pivotal Application Service</a> (PAS). Some of this technology is already integrated into <a href="https://pivotal.io/platform/pivotal-function-service">Pivotal Function Service</a> (PFS) when functions are built using the <a href="https://projectriff.io/">riff</a> CLI.</p>
<p dir="ltr">Let&rsquo;s dig a little deeper into this tech. The best place to start? The current state of buildpacks.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Buildpacks are fundamental to the Cloud Foundry &ldquo;Day 2&rdquo; experience</h2>
<p dir="ltr">Currently, buildpacks function &ldquo;under the hood&rdquo; within Cloud Foundry (CF).</p>
<p dir="ltr">When you <code>cf push</code> your custom code, buildpacks automatically add in the framework dependencies and create an application &ldquo;droplet&rdquo; that&rsquo;s ready to run on the platform. The droplet model allows Cloud Foundry to gracefully handle dependency updates. In-container OS package updates can be automatically performed for all the apps running on the platform without downtime or disruption. Application runtimes can be updated simply by pulling in the latest buildpacks and rebuilding a droplet. Buildpacks are a central component of the day-2 experience CF users love.</p>
<p dir="ltr">Now imagine an experience that expands on this idea and builds an OCI image that can run on any platform. Locally, it might look something like this:</p>
<div dir="ltr" style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>$ pack build&nbsp;myapp</code></div>
<p>That&rsquo;s Cloud Native Buildpacks. We believe developers will love the simplicity of this single command to get a production quality container when they prefer not to author and maintain their own Dockerfile.</p>
<p dir="ltr">Read on for more details.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Cloud Native Buildpacks make a great idea even better</h2>
<p dir="ltr">While traditional buildpacks are wonderful, Cloud Native Buildpacks are a big step forward for the industry. Here&rsquo;s why:</p>
<ol>
<li dir="ltr">
<p dir="ltr"><strong>Portability via the OCI standard. </strong>Cloud Native Buildpacks produce OCI Images from source code. While the application droplet is tied to CF, <a href="https://github.com/opencontainers/image-spec">OCI images</a> are an open source container standard. This makes Cloud Native Buildpacks much more portable. Which is to say, they can be used by more abstractions like Kubernetes and Knative.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Greater modularity. </strong>Cloud Native Buildpacks are modular. Engineers can enjoy a higher degree of specificity in their buildpack configuration experience. More practically, this will allow platform operators more control over how developers build their code at runtime.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Speed. </strong>Cloud Native Buildpacks build exponentially faster due to advanced build caching, layer reuse, and data deduplication.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Faster troubleshooting.</strong> Cloud Native Buildpacks can be used in a developer&rsquo;s local environment. This helps troubleshoot production issues much faster.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Reproducible builds. </strong>Cloud Native Buildpacks enable reproducible container image builds.</p>
</li>
</ol>
<p>Sounds pretty good right? Now here&rsquo;s how you can get started.</p>
<p>&nbsp;</p>
<h2 dir="ltr">Get Started with Cloud Native Buildpacks</h2>
<p dir="ltr">Ready to take Cloud Native Buildpacks for a spin? You can work with Cloud Native Buildpacks locally using the <a href="https://github.com/buildpack/pack/">CLI (&lsquo;pack&rsquo;)</a>. Give it a try, and share your feedback with us on <a href="https://buildpacks.slack.com">Slack</a>.</p>
<p dir="ltr">You&rsquo;ll also want to check out the docs for a common demo scenario: <a href="https://buildpacks.io/docs/app-journey/">https://buildpacks.io/docs/app-journey</a>.</p>
<p dir="ltr">What does all this mean for Pivotal Cloud Foundry customers? We thought you might be curious about that.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Up next: Making Cloud Native Buildpacks ready for the enterprise</h2>
<p dir="ltr">Cloud Native Buildpacks are wonderful tech. But like most open-source projects, it&rsquo;ll need some polish to be plug-and-play ready for enterprise scenarios. That&rsquo;s what Pivotal is exploring now. In fact, Pivotal is currently exploring three such scenarios: image promotion, operator control, and automated image patching. Let&rsquo;s take a deeper look at how each area could be addressed with a Pivotal build service. The features discussed below, and any other forward-looking features, will be deployed if and when available.</p>
<h3 dir="ltr">Image Promotion&mdash;No Rebuild Required</h3>
<p dir="ltr">The current CF app promotion process can be painful for developers. Today, developers must keep rebuilding the same droplet, a tedious process. Another pain point: underlying dependencies may not always align throughout the promotion process because apps may not be built using the same buildpack versions.&nbsp; Pivotal is exploring a build service with a more intelligent approach to image updating. In this new world, developers would be able to promote images through environments, and eventually, across PCF foundations.</p>
<h3 dir="ltr">Automated Image Updates Make Developers More Productive</h3>
<p dir="ltr">Pivotal is also exploring a declarative configuration model. Tell the build service what you want your app to look like. Then, it would deliver new images to your registry whenever this configuration falls out of sync. If a new CVE is announced, new buildpack versions are made available and new images are built.</p>
<h3 dir="ltr">Operator Control</h3>
<p dir="ltr">A useful build service would provide tighter operator control by restricting buildpack usage in the apps they supervise.</p>
<p dir="ltr">With a build service, operators could create build configurations for different groups of developers within the organization. These configurations would govern the buildpacks that any given dev is allowed to use. This is a better experience for operators; they can be more confident that their apps use secure, compliant dependencies. Developers would not have to worry about what they can, and can&#39;t, use. Instead, they would just focus on their source code.</p>
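<p dir="ltr">The audit that consistent builds make possible (which images need a rebuild for a CVE, and which use a buildpack the operator has not approved) can be sketched as follows. This is an added example, not Pivotal's build service or code from the Cloud Native Buildpacks project. It assumes the buildpack list is read from each image's <code>io.buildpacks.build.metadata</code> label; the image names, buildpack ids, versions, allowlist and advisory are constructed sample data.</p>

```python
"""Audit buildpack-built images against an operator allowlist and an advisory.

Assumption: each value in SAMPLE_LABELS is the JSON text of an image's
io.buildpacks.build.metadata label (for example as shown by `docker inspect`).
All names and versions below are constructed for illustration.
"""
import json

# Constructed sample fleet: image reference -> label value (None = label absent).
SAMPLE_LABELS = {
    "registry.example/team-a/orders:41": json.dumps({"buildpacks": [
        {"id": "example/openjdk", "version": "1.0.3"},
        {"id": "example/maven", "version": "2.1.0"}]}),
    "registry.example/team-a/billing:7": json.dumps({"buildpacks": [
        {"id": "example/openjdk", "version": "1.0.10"},
        {"id": "example/maven", "version": "2.1.0"}]}),
    "registry.example/team-b/reports:3": json.dumps({"buildpacks": [
        {"id": "example/custom-php", "version": "0.4.0"}]}),
    "registry.example/team-b/legacy:9": None,  # hand-built image, no label
}

# Hypothetical operator policy: buildpacks this group of developers may use.
ALLOWED = {"example/openjdk", "example/maven"}

# Hypothetical advisory: buildpack id -> first version that carries the fix.
ADVISORY = {"example/openjdk": "1.0.10"}


def parse_version(text):
    """Turn '1.0.10' into (1, 0, 10) so versions compare numerically.

    Comparing the raw strings would rank '1.0.3' above '1.0.10'.
    """
    return tuple(int(part) for part in text.split("."))


def buildpacks_of(label):
    """Return [(id, version), ...] from a label value, or None if unreadable."""
    if not label:
        return None
    try:
        entries = json.loads(label)["buildpacks"]
        return [(entry["id"], entry["version"]) for entry in entries]
    except (ValueError, KeyError, TypeError):
        return None


def audit_image(label, allowed, advisory):
    """List the findings for one image; an empty list means nothing to do."""
    packs = buildpacks_of(label)
    if not packs:
        # Without metadata the image cannot be matched to any advisory.
        return ["no-buildpack-metadata"]
    findings = []
    for bp_id, version in packs:
        if bp_id not in allowed:
            findings.append(f"not-allowed {bp_id}")
            continue
        fixed = advisory.get(bp_id)
        if fixed is None:
            continue
        try:
            outdated = parse_version(version) < parse_version(fixed)
        except (ValueError, AttributeError):
            findings.append(f"unparseable-version {bp_id}@{version}")
            continue
        if outdated:
            findings.append(f"rebuild {bp_id}@{version} (fixed in {fixed})")
    return findings


def audit_fleet(labels, allowed=ALLOWED, advisory=ADVISORY):
    """Audit every image in the fleet and return image -> findings."""
    return {image: audit_image(label, allowed, advisory)
            for image, label in labels.items()}


if __name__ == "__main__":
    for image, findings in audit_fleet(SAMPLE_LABELS).items():
        print(image, "->", findings or "ok")
```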
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">To Remove Toil, Use Cloud Native Buildpacks</h2>
<p dir="ltr">The best developers strive to eliminate toil from their lives. These engineers figure that if a task doesn&rsquo;t add value, it should be automated so you don&rsquo;t ever have to think about it again. With Cloud Native Buildpacks, developers can happily remove that much more toil from their jobs.</p>
<p dir="ltr">&nbsp;</p>
<p dir="ltr"><sub><strong>SAFE HARBOR STATEMENT</strong></sub></p>
<p dir="ltr"><sub>This blog contains statements relating to Pivotal&rsquo;s expectations, projections, beliefs and prospects which are &quot;forward-looking statements&quot; within the meaning of the federal securities laws and by their nature are uncertain. Words such as &quot;believe,&quot; &quot;may,&quot; &quot;will,&quot; &quot;estimate,&quot; &quot;continue,&quot; &quot;anticipate,&quot; &quot;intend,&quot; &quot;expect,&quot; &quot;plans,&quot; and similar expressions are intended to identify forward-looking statements. Such forward-looking statements are not guarantees of future performance, and you are cautioned not to place undue reliance on these forward-looking statements. Actual results could differ materially from those projected in the forward-looking statements as a result of many factors, including but not limited to: (i) our limited operating history as an independent company, which makes it difficult to evaluate our prospects; (ii) the substantial losses we have incurred and the risks of not being able to generate sufficient revenue to achieve and sustain profitability; (iii) our future success depending in large part on the growth of our target markets; (iv) our future growth depending largely on Pivotal Cloud Foundry and our platform-related services; (v) our subscription revenue growth rate not being indicative of our future performance or ability to grow; (vi) our business and prospects being harmed if our customers do not renew their subscriptions or expand their use of our platform; (vii) any failure by us to compete effectively; (viii) our long and unpredictable sales cycles that vary seasonally and which can cause significant variation in the number and size of transactions that can close in a particular quarter; (ix) our lack of control of and inability to predict the future course of open-source technologies, including those used in Pivotal Cloud Foundry; and (x) any security or privacy breaches.
All information set forth in this release is current as of the date of this release. These forward-looking statements are based on current expectations and are subject to uncertainties, risks, assumptions, and changes in condition, significance, value and effect as well as other risks disclosed previously and from time to time in documents filed by us with the U.S. Securities and Exchange Commission (SEC), including our prospectus dated April 19, 2018, and filed pursuant to Rule 424(b) under the U.S. Securities Act of 1933, as amended. Additional information will be made available in our quarterly report on Form 10-Q and other future reports that we may file with the SEC, which could cause actual results to vary from expectations. We disclaim any obligation to, and do not currently intend to, update any such forward-looking statements, whether written or oral, that may be made from time to time except as required by law.</sub></p>
<p dir="ltr"><sub>This blog also contains statements which are intended to outline the general direction of certain of Pivotal&#39;s offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding the pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. All software releases are on an if and when available basis and are subject to change. This information is provided without warranty of any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal&#39;s offerings. Any purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal&#39;s offerings in this blog remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward-looking information in this blog.</sub></p>
https://content.pivotal.io/blog/cloud-native-buildpacks-for-kubernetes-and-beyond
512155330
Wed, 03 Apr 2019 00:13:00 -0400
Emily Casey
This Month in Spring - April 2019
<p><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYzc0M2RmYTczM2YuanBnJnZlcnNpb249MDAwMCZzaWc9MGE2M2IxNzkwZTFhOTlmN2NmZTc1MzYzOTAyOGQ4Njc%253D" style="width: 500px; height: 375px;" /></p>
<p>Hi Spring fans! What a month it&#39;s been since we last spoke! I&#39;ve been trying to keep busy. I always try to keep busy. My new book, <a href="http://ReactiveSpring.io"><em>Reactive Spring</em></a> (on Twitter as <a href="http://twitter.com/ReactiveSpring">@ReactiveSpring</a>) is now available for early-access reading on <a href="https://leanpub.com/reactive-spring">Leanpub</a>! That&#39;s a big deal for me, anyway. It&#39;s not done yet, but you can already read it in ePub, Kindle, Mobi, and PDF files. It&#39;ll be available as a print-on-demand thing later. If you buy the book on Leanpub now at the cheaper price, you&#39;re entitled to the updates and finished product even as the book evolves and thickens out. This also provides a natural way for us to stay in touch: I want and value your feedback in developing the book!</p>
<p>In the last few weeks I&#39;ve spoken at a few shows. I started in New York City at the Kafka Summit, then went east (and <em>really</em> far south!) to Cape Town, and Johannesburg, South Africa for the SpringOne Tour events in South Africa. I went to Mauritius, an absolutely gorgeous little island nation in the Indian Ocean for the Mauritius Developer Conference event there. I then went north and east to the epic ITKonect conference in Belgrade, Serbia. I then went even further east, to Shanghai, China, for meetings, and then to the Alibaba R&amp;D Summit in Hangzhou, China. Then I continued east, this time returning to Los Angeles, California for the epic Coachella festival with my family. (The 13 year old loved it, so it was worth it.) THEN, it was off to Istanbul, Turkey for the SpringOne Tour event in Istanbul, and now - as I write this - I&#39;m in what was, yesterday at least, the picture perfect and beautiful Chicago, Illinois. It&#39;s raining sideways today, though! That&#39;s fine. All the more reason to stay inside and talk to people who can teach me stuff! I&#39;m here for the epic GOTO Chicago conference and customer visits. I love Chicago as it&#39;s one of the major customer centers for Pivotal. Tons of really amazing organizations doing financial services and other types of demanding applications here. Not to mention, Intelligentsia Coffee is my jam.</p>
<p>All the while, I&#39;ve been busy recording <a href="http://bit.ly/spring-tips-playlist">Spring Tips screencast installments</a> (on Twitter as <a href="https://twitter.com/SpringTipsLive">@SpringTipsLive</a>). I wasn&#39;t really planning on doing these <em>Spring Tips</em> installments! There&#39;s just way too much cool stuff - I couldn&#39;t help it! Not to mention I didn&#39;t want to get behind otherwise I&#39;d never catch up! I&#39;ve done Spring Tips installments introducing the <a href="https://spring.io/blog/2019/04/03/spring-tips-webmvc-fn-the-functional-dsl-for-spring-mvc">new WebMvc.fn programming model in Spring MVC</a>, the new RSocket <code>@Controller</code> component model <a href="https://spring.io/blog/2019/04/15/spring-tips-rsocket-messaging-in-spring-boot-2-2">in Spring Framework 5.2.x and Spring Boot 2.2.x</a>, and the <a href="https://spring.io/blog/2019/04/24/spring-tips-spring-cloud-circuit-breaker">new Spring Cloud Circuit Breaker</a> project.</p>
<p>I&#39;ve also been busy with that little podcast of mine, <a href="http://bit.ly/a-bootiful-podcast">A Bootiful Podcast</a> (on Twitter as <a href="https://twitter.com/BootifulPodcast">@BootifulPodcast</a>), which is available on iTunes and Google Play, among other syndication channels. I got to talk to Spring Cloud Task and Spring Batch lead <a href="https://spring.io/blog/2019/04/26/a-bootiful-podcast-spring-batch-and-spring-cloud-task-lead-michael-minella">Michael Minella</a>, <a href="https://spring.io/blog/2019/04/19/a-bootiful-podcast-pivotal-field-cto-and-og-cloud-native-matt-stine-on-architecture">Pivotal Field CTO Matt Stine</a>, <a href="https://spring.io/blog/2019/04/11/a-bootiful-podcast-rabobank-s-roy-braam-on-building-an-agile-bank">Rabobank&#39;s Roy Braam</a>, and <a href="https://spring.io/blog/2019/04/05/a-bootiful-podcast-microsoft-s-kylie-liang-and-theresa-nguyen-on-microsoft-s-java-and-spring-support">Microsoft&#39;s Kylie Liang and Theresa Nguyen</a>. The podcast is still new so I can&#39;t tell you all how happy I am that people are subscribing and listening. If you like it, <em>please</em> leave a nice rating and/or review on iTunes or Google Play. It really helps to improve our circulation.</p>
<p>That&#39;s been my month. I&#39;ve been <em>trying</em> to keep busy, but the community - as usual - is <em>waaaay</em> ahead of me! There&#39;s been tons of stuff so let&#39;s get to it!</p>
<ul>
<li><a href="https://spring.io/blog/2019/04/19/preview-releases-of-spring-cloud-alibaba-are-available-0-9-0-0-2-2-and-0-1-2">Preview releases of Spring Cloud Alibaba are available: 0.9.0, 0.2.2, and 0.1.2</a></li>
<li>In this installment of <em>A Bootiful Podcast</em>, I interview <a href="https://spring.io/blog/2019/04/19/a-bootiful-podcast-pivotal-field-cto-and-og-cloud-native-matt-stine-on-architecture">Pivotal Field CTO and OG Cloud Native Matt Stine on Architecture</a></li>
<li><a href="https://spring.io/blog/2019/04/18/spring-cloud-data-flow-2-1-0-m1-released">Spring Cloud Data Flow 2.1.0.M1 released</a></li>
<li><a href="https://spring.io/blog/2019/04/18/spring-tools-4-2-1-released">Spring Tools 4.2.1 released</a></li>
<li><a href="https://spring.io/blog/2019/04/17/cve-2019-3799-spring-cloud-config-2-1-2-2-0-4-1-4-6-released">CVE-2019-3799: Spring Cloud Config 2.1.2, 2.0.4, 1.4.6 Released</a></li>
<li><a href="https://spring.io/blog/2019/04/16/spring-cloud-task-2-2-0-m1-is-now-available">Spring Cloud Task 2.2.0.M1 is now available</a></li>
<li><a href="https://spring.io/blog/2019/04/16/flight-of-the-flux-2-debugging-caveats">Flight of the Flux 2 - Debugging Caveats</a></li>
<li><a href="https://spring.io/blog/2019/04/16/introducing-spring-cloud-circuit-breaker">Introducing Spring Cloud Circuit Breaker</a></li>
<li><a href="https://spring.io/blog/2019/04/16/spring-security-5-2-0-m2-released">Spring Security 5.2.0.M2 Released</a></li>
<li><a href="https://spring.io/blog/2019/04/16/spring-boot-2-2-m2">Spring Boot 2.2 M2</a></li>
<li><a href="https://www.cloudfoundry.org/cve-2019-3801-java-projects-using-http-to-fetch-dependencies/">CVE-2019-3801: Java Projects using HTTP to fetch dependencies</a></li>
<li><a href="https://examples.javacodegeeks.com/enterprise-java/spring/boot/spring-boot-freemarker-configuration-example/">Spring Boot FreeMarker Configuration Example | Examples Java Code Geeks - 2019</a></li>
<li>In this installment of <em>Spring Tips</em> I look at the just-released-on-<code>master</code> support for <a href="https://spring.io/blog/2019/04/15/spring-tips-rsocket-messaging-in-spring-boot-2-2">RSocket Messaging in Spring Boot 2.2</a>. It&#39;s here! It&#39;s finally here! I was so excited to see this land and I hope you get a chance to try it out.</li>
<li><a href="https://spring.io/blog/2019/04/12/spring-session-for-apache-geode-pivotal-gemfire-2-2-0-m1-available">Spring Session for Apache Geode &amp; Pivotal GemFire 2.2.0.M1 Available</a></li>
<li><a href="https://spring.io/blog/2019/04/12/spring-session-for-apache-geode-pivotal-gemfire-2-0-9-release-2-1-3-release-available">Spring Session for Apache Geode &amp; Pivotal GemFire 2.0.9.RELEASE &amp; 2.1.3.RELEASE Available</a></li>
<li>Check out this post looking at the future of Kotlin and Spring, <a href="https://spring.io/blog/2019/04/12/going-reactive-with-spring-coroutines-and-kotlin-flow"><em>Going Reactive with Spring, Coroutines and Kotlin Flow</em></a></li>
<li>In this installment of <a href="https://spring.io/blog/2019/04/11/a-bootiful-podcast-rabobank-s-roy-braam-on-building-an-agile-bank"><em>A Bootiful Podcast</em> I interviewed Rabobank&#39;s Roy Braam on building an agile bank</a></li>
<li><a href="https://spring.io/blog/2019/04/11/spring-data-moore-m3-released">Spring Data Moore M3 released</a></li>
<li><a href="https://spring.io/blog/2019/04/10/spring-integration-smb-1-1-ga-available">Spring Integration SMB 1.1 GA Available</a></li>
<li><a href="https://spring.io/blog/2019/04/10/spring-framework-5-2-0-m1-available-now">Spring Framework 5.2.0.M1 available now</a></li>
<li><a href="https://spring.io/blog/2019/04/10/spring-data-lovelace-sr6-kay-sr14-ingalls-sr20-released">Spring Data Lovelace SR6, Kay SR14, Ingalls SR20 Released</a></li>
<li><a href="https://spring.io/blog/2019/04/10/spring-cloud-data-flow-2-0-2-ga-released">Spring Cloud Data Flow 2.0.2 GA Released</a></li>
<li>Yet another great post on the Okta blog, <a href="https://developer.okta.com/blog/2019/04/15/testing-spring-security-oauth-with-junit"><em>Upgrading Spring Security OAuth and JUnit Tests through the 👀 of a Java Hipster</em></a></li>
<li>This is kind of interesting. It&#39;s a blog that demonstrates how to create a <a href="https://kauri.io/article/311e46faf254462f9755e245a48de0cb/simple-kotlin-springboot-dapp-utilizing-web3j">simple Kotlin SpringBoot dApp utilizing web3j</a></li>
<li><a href="https://twitter.com/mrbwilms/status/1117669789508489216?s=12">Happy birthday to the Spring Boot Chaos Monkey!</a></li>
<li>In this installment of <em>A Bootiful Podcast</em> <a href="https://spring.io/blog/2019/04/05/a-bootiful-podcast-microsoft-s-kylie-liang-and-theresa-nguyen-on-microsoft-s-java-and-spring-support">I spoke with Microsoft&#39;s Kylie Liang and Theresa Nguyen on Microsoft&#39;s Java and Spring Support</a>. This was a really interesting discussion for me. Azure is getting better and better and even though I try, there&#39;s something about which I&#39;m unaware. I&#39;m grateful Kylie and Theresa were able to sit down and educate me.</li>
<li>In yet another unplanned installment of <em>Spring Tips</em>, <a href="https://spring.io/blog/2019/04/03/spring-tips-webmvc-fn-the-functional-dsl-for-spring-mvc">I debut WebMvc.fn - the functional DSL for Spring MVC</a>. Trust me, you&#39;ll want to see this!</li>
<li><a href="https://spring.io/blog/2019/04/04/spring-io-platform-cairo-sr8">Spring IO Platform Cairo-SR8</a></li>
<li><a href="https://spring.io/blog/2019/04/04/spring-io-platform-brussels-sr17">Spring IO Platform Brussels-SR17</a></li>
<li><a href="https://spring.io/blog/2019/04/04/spring-boot-2-1-4-released">Spring Boot 2.1.4 released</a></li>
<li><a href="https://spring.io/blog/2019/04/03/spring-boot-2-0-9-released">Spring Boot 2.0.9 Released</a></li>
<li><a href="https://spring.io/blog/2019/04/03/spring-boot-1-5-20-available-now">Spring Boot 1.5.20 available now</a></li>
<li><a href="https://spring.io/blog/2019/04/03/spring-security-5-1-5-5-0-12-4-2-12-released">Spring Security 5.1.5, 5.0.12, 4.2.12 Released</a></li>
<li><a href="https://spring.io/blog/2019/04/05/cve-2019-3795-spring-security-4-2-12-5-0-12-5-1-5-released">CVE-2019-3795: Spring Security 4.2.12, 5.0.12, 5.1.5 Released</a></li>
<li>I really enjoyed this <a href="https://dzone.com/articles/hystrix-vs-sentinel-a-tale-of-two-circuit-breakers">comparison of Alibaba&#39;s Sentinel vs. Netflix&#39;s Hystrix</a></li>
<li>This tweet <a href="https://twitter.com/springcentral/status/1115162821258559488">is everything to me!</a> - congratulations Sara Torrey! :-)</li>
<li>This was an interesting interview on <a href="https://www.youtube.com/watch?v=mW0LCHtB7Aw">Spring Data JDBC with Jens Schauder on the Spring Data team</a></li>
<li><a href="https://medium.com/buildpacks/cloud-native-buildpacks-hit-beta-4d9f2c85dd22">Cloud Native Buildpacks Hit Beta</a></li>
<li>It&#39;s pretty cool that on April 1, 2019, Spring Boot turned five years old! Congrats Spring Boot! Here&#39;s to many more happy, <em>bootiful</em> returns!</li>
<li>Check out Richard Seroter&#39;s post looking at <a href="https://seroter.wordpress.com/2019/04/03/connecting-your-java-microservices-to-each-other-heres-how-to-use-spring-cloud-stream-with-azure-event-hubs/">the Spring Cloud Stream binder for Azure Event Hubs</a></li>
<li><a href="https://spring.io/blog/2019/04/01/spring-framework-5-1-6-5-0-13-and-4-3-23-available-now">Spring Framework 5.1.6, 5.0.13 and 4.3.23 available now</a></li>
<li><a href="https://spring.io/blog/2019/03/29/spring-tools-4-2-0-released">Spring Tools 4.2.0 released</a></li>
<li>In this installment of <a href="https://twitter.com/bootifulpodcast"><em>A Bootiful Podcast</em> (@BootifulPodcast)</a> I talked to <a href="https://spring.io/blog/2019/03/29/josh-mckenty-better-josh-on-data-sovereignty-microservices-cloud-foundry-python-the-cloud-pivotal-and-more">Josh Mckenty about data sovereignty, microservices, Cloud Foundry, Python, the cloud, Pivotal, and more</a></li>
<li>If you get one blog to read, read this one on the <a href="https://spring.io/blog/2019/03/28/reactor-debugging-experience">Reactor Debugging Experience</a>. It&#39;s <em>amazing</em>!</li>
<li><a href="https://spring.io/blog/2019/03/27/spring-tool-suite-3-9-8-released">Spring Tool Suite 3.9.8 released</a></li>
<li>Want to know what makes <a href="https://twitter.com/springcentral/status/1112804577659817990">Pivotal Cloud Foundry the best place to run Spring Boot applications?</a></li>
<li>Interesting post: <a href="https://phauer.com/2019/focus-integration-tests-mock-based-tests/">Focus on Integration Tests Instead of Mock-Based Tests</a></li>
<li>A gentle reminder that you should <a href="https://twitter.com/springframework/status/1112638165351874562">be upgrading to Spring Framework 5.1.x as soon as possible</a></li>
<li><a href="https://twitter.com/SaraTorrey/status/1111305944909127680">Sara Torrey diagrammed her notes introducing</a> Spring Boot and they&#39;re really cool!</li>
<li>Check out Pivotal&#39;s Ben Hale on <a href="https://twitter.com/r2dbc/status/1111203411020656641">the state of Reactive Programming in the enterprise, RSocket and R2DBC on the latest OffHeap podcast episode</a></li>
<li>Missed this white-hot Spring Tip introducing ways to make Spring Boot lazy <em>and</em> fast? <a href="https://twitter.com/springcentral/status/1110982329655283713">Now&#39;s the time to watch</a>! It&#39;s not even ten minutes long!</li>
</ul>
https://content.pivotal.io/blog/this-month-in-spring-april-2019
519342592
Mon, 29 Apr 2019 14:34:48 -0400
Josh Long
Windows Server 2019 with Pivotal Application Service for Windows 2.5
<p dir="ltr">The Pivotal Windows product team has been listening to your feedback on new features, and it&rsquo;s time for you to enjoy the fruits of their hard work. Pivotal Application Service for Windows (PASW) 2.5 is (as always) full of new exciting things that are gonna blow your socks completely off. Let&rsquo;s have a look.</p>
<h2 dir="ltr">The Latest Container Security and Features With Windows Server 2019</h2>
<p dir="ltr">The .NET community is innovating at a remarkable pace. What&rsquo;s great about your partnership with Pivotal is you don&rsquo;t have to worry about keeping up with all the improvements. We combine all the &ldquo;modern things&rdquo; in our products, and make them available to you as a simple deployable package.&nbsp;&nbsp;</p>
<p dir="ltr">To wit: PAS for Windows now bundles Windows Server 2019. In the past few PASW releases, it may feel like Windows stemcells have been changing quite a bit - and you&rsquo;re right. That&rsquo;s because Microsoft continues to improve containerization in the OS. It only makes sense for PAS to take advantage of this.</p>
<p dir="ltr">Windows Server 2019 is the next iteration of Microsoft&rsquo;s container journey, and it&rsquo;s packed with <a href="https://docs.microsoft.com/en-us/windows-server/get-started-19/whats-new-19">awesome tech</a>. A few of our favorites: additional security with Software Defined Networking and support for Kubernetes. Windows Server 2019 is the best OS yet, and we&rsquo;re very excited about all the things it can help you do with cloud-native .NET!</p>
<h2 dir="ltr">Custom Root Certificates For Windows Containers</h2>
<p dir="ltr">Windows Server comes preloaded with well-known certificate authorities (CAs) in the root store. When your app makes a request to a public system over HTTPS, and that system has a certificate authorized by a preloaded CA, you can trust everything is safe and secure. But what about your organization&rsquo;s internal CA? Those certificates are not preloaded. Now you can add them.</p>
<h2 dir="ltr">SMB Services Can Now Use Fully Qualified Domain Names</h2>
<p dir="ltr">Recently, we published a <a href="https://content.pivotal.io/blog/run-net-framework-apps-on-a-modern-platform-with-an-smb-network-share-steeltoe-makes-it-easy">blog post</a> about using the Steeltoe Framework to consume an SMB (Windows) network share. You may have noticed the line &ldquo;At this time, machine names or FQDN are not supported.&rdquo; Happily, we now support these scenarios!</p>
<p>The .NET Developer Experience team at Pivotal did a bit of extra work, on the heels of an update to Windows Server 1803.</p>
<p>&nbsp;</p>
<h2 dir="ltr">.NET Core Containers on Windows Can Now Use The Multi-Buildpack Feature</h2>
<p dir="ltr">For .NET Framework apps, the <a href="https://docs.run.pivotal.io/buildpacks/hwc/index.html">Hosted Web Core (HWC) buildpack</a> is the perfect option. For .NET Core apps on Linux, the <a href="https://docs.run.pivotal.io/buildpacks/dotnet-core/index.html">dotnet_core buildpack</a> is an obvious choice.</p>
<p>There&rsquo;s a third choice you can consider: the <a href="https://docs.run.pivotal.io/buildpacks/binary/index.html">binary buildpack</a> enables a .NET Core app to be a Windows container.</p>
<p>One feature that HWC had but the binary buildpack previously lacked was the ability to use multiple buildpacks while pushing an app. When would you use this capability? Glad you asked!</p>
<p>Let&#39;s say you have a .NET Core app that needs to be monitored by a third-party APM. That monitoring is in the form of an agent process. Traditionally, the agent would be installed directly on the host running your app. But within a Windows container that same app has a limited relationship with the host. With multi-buildpacks you can first deploy the APM&rsquo;s agent (as its own process) in the container and then deploy your app (also as its own process) in the container. The two can live in modern harmony while staying compatible with traditional systems.</p>
<p>&nbsp;</p>
<h2 dir="ltr">Windows Stemcells Are Now Available in Amazon Web Services China</h2>
<p dir="ltr">You asked for it and we heard. Organizations in China love running our platform on Amazon Web Services (AWS). So we paired with AWS China to deliver Windows stemcells for this region. An added bonus: the stemcell works with PASW 2.5 as well as v2.4 and v2.3!</p>
<p dir="ltr">Now our customers using AWS IaaS in China can enjoy cloud-native .NET.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">PASW 2012R2 End Of Availability</h2>
<p dir="ltr">As a tear runs down my cheek, we say a bittersweet goodbye to the availability of the Windows Server 2012 R2 stemcell. We will continue to support the stemcell through September 31 2019, but the stemcell will not be available for new deployments.</p>
<p dir="ltr">The Windows Server 2012 R2 stemcell is succeeded by the rich container features Microsoft has made available starting in Windows Server, version 1709 (PASW 2.1, 2.2) and Windows Server, version 1803 (PASW 2.3, 2.4), and now in Windows Server 2019 (PASW 2.5). Windows Server 2012 R2 was the first operating system on which Pivotal offered BOSH-managed .NET containerization as an option, and it holds a special place in our hearts. But as technology goes - we grow, we modernize, and we move on.</p>
<p dir="ltr">Thank you Windows Server 2012 R2 and farewell.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Get Started</h2>
<p dir="ltr">Ready to try out these new features? Head on over to <a href="https://run.pivotal.io/">Pivotal Web Services</a> and create a free account. This will give you access to a fully productionized current version of the Cloud Foundry platform. Grab the sample apps in the <a href="https://github.com/SteeltoeOSS/Samples">Steeltoe GitHub Samples repo</a> along with the docs on the <a href="https://steeltoe.io/docs">Steeltoe site</a>, and you are off to the races.</p>
<p><br />
Want to learn more about cloud-native .NET? Read Richard Seroter&rsquo;s e-book on <a href="https://content.pivotal.io/ebooks/modernizing-net-applications">modernizing .NET applications</a>.</p>
https://content.pivotal.io/blog/windows-server-2019-and-automation-with-pivotal-application-service-for-windows-2-5
519301942
Mon, 29 Apr 2019 13:35:44 -0400
David Dieruf
9 Must-See Pivotal Talks at Dell Tech World
<p dir="ltr">Dell Tech World is right around the corner, and there&rsquo;s a lot to look forward to. Learn about everything from how you can transform your applications, to building a resilient multi-cloud environment, to the ins and outs of Kubernetes, and more.</p>
<p dir="ltr">With so many great sessions on the schedule, we know how hard it can be to choose from all the options, and have broken down the must-attend sessions at this year&rsquo;s conference. For the comprehensive list of all Pivotal events, <a href="https://docs.google.com/document/d/1sXLrweHxF-3Bw7oJIM3q7p8bFrxA58h3Yi5SwsiiMTA/edit?usp=sharing">click here</a>. For the deep dive, continue on.</p>
<p>&nbsp;</p>
<h2 dir="ltr">Hear from Industry Leaders on their Digital Transformation Journeys</h2>
<p dir="ltr">T-Mobile, Dell.com, and Raytheon are just a sampling of the industry leaders who are sharing their journeys of innovating and iterating on their processes and culture. Hear first-hand experience and lessons learned on how these trailblazers are transforming their organizations and building software that their developers and customers love (on top of world-class infrastructure).</p>
<p>&nbsp;</p>
<h3 dir="ltr"><a href="https://delltechnologiesworldonline.com/2019/connect/sessionDetail.ww?SESSION_ID=5711">The Evolution of IT at T-Mobile from IaaS to PaaS to CaaS to FaaS</a></h3>
<p dir="ltr">At T-Mobile, the IT team is dedicated to innovation through experimentation. Through new offerings and an expected merger with Sprint, the organization continues to grow and expand. The IT organization is actively preparing to scale up its resources to absorb new subscribers. Yosef Yaaran, T-Mobile&rsquo;s Principal Architect, will share his developer perspective on the journey from IaaS to PaaS to CaaS, and on current experiments with FaaS platforms, in an interview-style session with Pivotal&rsquo;s Courtney McShane.</p>
<ul>
<li dir="ltr">
<p dir="ltr">Monday, Apr 29, 4:30 PM - 5:30 PM &nbsp;&amp; Wednesday, May 1, 8:30 AM - 9:30 AM</p>
</li>
<li dir="ltr">
<p dir="ltr">Speakers: Yosef (Seffi) Yaaran, T-Mobile; Courtney McShane, Pivotal</p>
</li>
</ul>
<p>&nbsp;</p>
<h3 dir="ltr"><a href="https://delltechnologiesworldonline.com/2019/connect/search.ww#loadSearch-searchPhrase=pivotal&amp;searchType=session&amp;tc=0&amp;sortBy=&amp;p=">Evolving Customer Engagement at Dell.com</a></h3>
<p dir="ltr">Dell.com has leveraged Pivotal&rsquo;s products and services to drive better performance for customers yielding business results. &nbsp;Dell&rsquo;s Harsh Acharya and Pivotal&rsquo;s Michael Wood will showcase how Dell is evolving the online buyer experience with PCF and Pivotal Labs Methodology. &nbsp;The experience has been leveraged to help other legacy code-base companies with significant data gravity.</p>
<ul>
<li dir="ltr">
<p dir="ltr">Monday, Apr 29, 8:30 AM - 9:30 AM &nbsp;&amp; Wednesday, May 1, 3:00 PM - 4:00 PM</p>
</li>
<li dir="ltr">
<p dir="ltr">Speakers: Harsh Acharya, Dell; Michael Wood, Pivotal</p>
</li>
</ul>
<p>&nbsp;</p>
<h3 dir="ltr"><a href="https://delltechnologiesworldonline.com/2019/connect/sessionDetail.ww?SESSION_ID=5713">How to Improve Scale, Sustainability, Security, and Speed All While Driving Savings</a></h3>
<p dir="ltr">What is the economic cost of the delay in getting new features to production? Once the feature is in production do you have trouble handling increased load? Does the business experience downtime? Do you know where you are vulnerable to attack? To effectively leverage the beauty of ZERO downtime on-premises, the key factor is to ensure lower levels of infrastructure are up-to-date, secure and stable. In this session, hear from Raytheon&rsquo;s David Appel, Senior Director, Raytheon Intelligence, Information and Services, and learn how a full-stack Cloud Native solution brought the best of Dell Technologies together in one via <a href="http://pivotal.io/pra">Pivotal Ready Architecture</a> (PRA). Dell Tech and Raytheon have partnered to deliver new capabilities to the military faster than ever before.</p>
<ul>
<li dir="ltr">
<p dir="ltr">Monday, Apr 29, 8:30 AM - 9:30 AM &ndash; Murano 3201A</p>
</li>
<li dir="ltr">
<p dir="ltr">Speakers: David Appel, Raytheon; Michael Rhodes, Pivotal; Courtney McShane, Pivotal</p>
</li>
</ul>
<p><br />
&nbsp;</p>
<h2 dir="ltr">Listen to World Class Experts Discuss Kubernetes</h2>
<h3 dir="ltr"><a href="https://delltechnologiesworldonline.com/2019/connect/sessionDetail.ww?SESSION_ID=5823">Kubernetes: Addressing The Real World Challenges</a></h3>
<p dir="ltr">Kubernetes is one of the fastest growing open source technologies, but real-world production usage has yet to catch up with the hype. Walk away from this session empowered by the ability to see through the Kubernetes enthusiasm to the real-world limitations in order to safely deploy in production. You will hear from VMware&rsquo;s Craig McLuckie (founder of Heptio), Pivotal&rsquo;s Chad Sakac, and Dell EMC&rsquo;s George Greenleaf.</p>
<ul>
<li dir="ltr">
<p dir="ltr">Tuesday, Apr 30, 1:30 PM - 2:30 PM</p>
</li>
<li dir="ltr">
<p dir="ltr">Panel: Craig McLuckie, VMware; Chad Sakac, Pivotal; George Greenleaf, Dell EMC</p>
</li>
</ul>
<p>&nbsp;</p>
<h3 dir="ltr"><a href="https://delltechnologiesworldonline.com/2019/connect/sessionDetail.ww?SESSION_ID=5646">Infrastructure Design For Kubernetes</a></h3>
<p dir="ltr">Kubernetes is all the rage, and there are a ton of tools to deploy it. There are installers, cloud managed setups, and full distributions like PKS. But, beyond the software aspect, what is needed to build and provide for a successful container orchestration environment? Host types, storage, networking, and load balancing. Pivotal&rsquo;s Fabio Chiodini brought a whopping 500+ attendees to his session last year, so get your seat early. You will walk away with an understanding of considerations for choosing compute platforms to run containers. This is a &lsquo;K8s for infrastructure folks&rsquo; talk.</p>
<ul>
<li dir="ltr">
<p dir="ltr">Tuesday, Apr 30, 1:30 PM - 2:30 PM &nbsp;&amp; Thursday, May 2, 1:00 PM - 2:00 PM</p>
</li>
<li dir="ltr">
<p dir="ltr">Speaker: Fabio Chiodini, Pivotal</p>
</li>
</ul>
<p>&nbsp;</p>
<h3 dir="ltr"><a href="https://delltechnologiesworldonline.com/2019/connect/sessionDetail.ww?SESSION_ID=5823">The Whole Shebang: Accelerating Development With The Dell Technology Stack</a></h3>
<p dir="ltr">Moving faster for development is valuable to customers, and therefore to businesses. But there&#39;s so much to think about beyond the high-level basics. How can you change the way people work together, but also provide them the tools to support their new skills? From hyperconverged infrastructure, to multi-cloud flexibility, to virtualization systems, to container platforms, <a href="https://delltechnologiesworldonline.com/2019/connect/sessionDetail.ww?SESSION_ID=6129">Chad Sakac</a> will walk attendees along the roadmap to making this a reality - quickly! Real customer stories will be showcased to shine a light on what you can accomplish when using the full DT Stack.</p>
<ul>
<li dir="ltr">
<p dir="ltr">Tuesday, Apr 30, 1:30 PM - 2:30 PM &ndash; Murano 3203</p>
</li>
<li dir="ltr">
<p dir="ltr">Speaker: Chad Sakac, Pivotal</p>
</li>
</ul>
<h2 dir="ltr">&nbsp;</h2>
<h2 dir="ltr">Highlights At The Conference</h2>
<h3 dir="ltr"><a href="https://delltechnologiesworldonline.com/2019/connect/sessionDetail.ww?SESSION_ID=6266">AI/ML In A Box</a></h3>
<p dir="ltr">The rapidly expanding dependence on AI/ML causes consumption of enormous computing resources and leaves the underlying infrastructure totally stressed out. &nbsp;The Greenplum team has been working hard to bring the best of Dell Technology infrastructure together to solve this issue with a simple &lsquo;in a box&rsquo; offering. Greenplum Building Blocks (GBB) is an open and modern reference architecture designed by Pivotal, using Dell&#39;s advanced computing hardware.</p>
<ul>
<li dir="ltr">
<p dir="ltr">Tuesday, Apr 30, 12:00 PM - 1:00 PM &ndash; Galileo 901</p>
</li>
<li dir="ltr">
<p dir="ltr">Speakers: Derek Comingore &amp; Frank McQuillan, Pivotal</p>
</li>
</ul>
<p>&nbsp;</p>
<h3 dir="ltr"><a href="https://delltechnologiesworldonline.com/2019/connect/sessionDetail.ww?SESSION_ID=6268">Birds of a Feather: How To Build A Resilient, Protected &amp; Affordable Multi-Cloud IT Environment</a></h3>
<p dir="ltr">Leveraging multiple clouds alongside on-prem is becoming popular, but how can you ensure such environments are resilient, protected and affordable? This panel of experts from across the Dell Technologies family, including our esteemed K8s expert <a href="https://twitter.com/cdavisafc">Cornelia Davis</a>, will discuss how to build a hybrid/multi-cloud environment in a way that makes it ready for prime-time.</p>
<ul>
<li dir="ltr">
<p dir="ltr">Tuesday, Apr 30, 12:00 PM - 1:00 PM &ndash; Lido 3005</p>
</li>
<li dir="ltr">
<p dir="ltr">Speakers: Cornelia Davis, Pivotal; Mark Lohmeyer, VMware; Gil Shneorson, Dell EMC; Arthur Lent, Dell EMC</p>
</li>
</ul>
<h3 dir="ltr"><a href="https://pivotal.io/act">Pivotal Act</a>, an Engine of Human Progress</h3>
<p dir="ltr">The Pivotal Act program partners with humanitarian organizations and charities to identify, design, and develop practical solutions to pressing challenges around the world.&nbsp; Check it out at the Engines of Human Progress exhibit (Booth #823) at this year&rsquo;s conference as they address the question&mdash;How can technology positively impact the lives of young people in foster care?</p>
<p>When you catch a good quote or interesting data point from these sessions, snap a picture and send us some love on Twitter @Pivotal. In addition to stage events, Pivotal Platform Architects will be available for technical discussions live in the ISG Solutions Booth #235 throughout the show.</p>
<p>&nbsp;</p>
<p dir="ltr">Can&rsquo;t make it to Dell Technologies World? Check out the <a href="https://www.delltechnologiesworld.com/live.htm">live stream</a>!</p>
<p>&nbsp;</p>
https://content.pivotal.io/blog/9-must-see-pivotal-talks-at-dell-tech-world
517967119
Wed, 24 Apr 2019 13:25:41 -0400
Courtney McShane
Enterprise PKS Continues to Deliver: Kubernetes 1.13, Windows Support In Beta, and More
<p dir="ltr" style="text-align: center;"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYmY0N2YyYzhlYTgucG5nJnZlcnNpb249MDAwMCZzaWc9YzkxYWE0YWI3OTA5NTI3OWYzMWE2Mjg5NmNlOWZkMzM%253D" /></p>
<p dir="ltr">Now the Kubernetes production platform of choice for over 150 customers, the <a href="https://content.pivotal.io/blog/meet-the-pks-family-flexibility-for-your-kubernetes-architectures">Pivotal Container Service (PKS) family</a> continues its rapid release cadence. Today we&rsquo;re excited to announce the general availability (GA) of Enterprise PKS 1.4 and the Beta of Enterprise PKS 1.5 with support for Windows worker nodes.</p>
<p dir="ltr">Enterprise PKS helps organizations like <a href="https://content.pivotal.io/blog/3-reasons-behind-t-mobile-s-success-with-kubernetes">T-Mobile</a> apply the <a href="https://content.pivotal.io/white-papers/pivotal-platform-solutions-why-you-should-treat-platform-as-a-product">Platform as Product</a> approach to delivering Container-as-a-Service to their internal customers, based on the latest Kubernetes innovations, integrated and packaged with enterprise-proven technologies.</p>
<p dir="ltr">Speaking of innovations, let&rsquo;s take a spin through what&#39;s included in Enterprise PKS 1.4.&nbsp;</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Enterprise PKS With Kubernetes 1.13</h2>
<p dir="ltr">PKS 1.4 ships with <a href="https://blogs.vmware.com/cloudnative/2018/12/03/a-very-stable-kubernetes-1-13/" target="_blank">Kubernetes 1.13.5</a>. This Kubernetes release drives up stability and serves up these noteworthy features:</p>
<ul>
<li dir="ltr">
<p dir="ltr"><strong>Container Storage Interface hits GA, enabling pluggable storage &amp; greater flexibility</strong>. One of the overarching goals of the Kubernetes project: remove vendor code where possible. The community also strives to create a pluggable architecture. With Kubernetes 1.13, both objectives advance, as the <a href="https://github.com/kubernetes/enhancements/issues/178" target="_blank">CSI moves to general availability</a>. End users can expect to see a wider range of storage options and greater flexibility switching between them.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>CoreDNS is enabled by default.</strong> Life gets easier for administrators since Kubernetes 1.13 makes&nbsp;<a href="https://github.com/kubernetes/enhancements/issues/566" target="_blank">CoreDNS</a> the default cluster DNS server for the project. That means one less decision for users!</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>AZ-enabled volume resilience</strong>. Your in-tree vSphere cloud provider volumes are now multi-AZ aware. This is achieved by matching Kubernetes failure domain tags with vSphere zone tag values.</p>
</li>
</ul>
<p dir="ltr">Check out the full set of Kubernetes 1.13 features <a href="https://kubernetes.io/blog/2018/12/03/kubernetes-1-13-release-announcement/" target="_blank">here</a>. One other note: version 1.13 had a 23% shorter release cycle. Remarkable progress in a much shorter duration!</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">A Simpler, Faster Install Experience on VMware Infrastructure</h2>
<p dir="ltr">Since it is a joint Pivotal and VMware project, you&rsquo;d expect Enterprise PKS to be the best Kubernetes experience on VMware infrastructure. In 1.4, we take that to the next level by streamlining the VMware install experience with a new configuration tool. Shipped as a Virtual Appliance (OVA), it will provide a one-stop configuration tool that captures and cross-checks all the configuration details needed to set up Enterprise PKS.</p>
<p dir="ltr">Specifically, you&rsquo;ll notice it will be easier to install and configure OpsManager, the PKS tile, the Harbor tile, and vROPS. This automation will also extend to NSX-T resource creation, and to deploying Enterprise PKS to custom NSX-T topologies.</p>
<p dir="ltr" style="text-align: center;"><img src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYmY0NGQ2YzAzMjQucG5nJnZlcnNpb249MDAwMCZzaWc9ZmE0OWVmYmJhM2FhYjRhMTYyZDkyNzZiYTZjNWI3ZGI%253D" /></p>
<p>&nbsp;</p>
<h2 dir="ltr">One OpsMan To Rule All The Abstractions</h2>
<p dir="ltr">If you&rsquo;re using the full capabilities of PCF, PKS 1.4 provides the convenience of managing both Pivotal Application Service (PAS) and Pivotal Container Service (PKS) from a single OpsManager instance. That means you will be able to deploy both from a single UI:</p>
<p dir="ltr" style="text-align: center;"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYmY0NTQ0NWMxN2YucG5nJnZlcnNpb249MDAwMCZzaWc9OWU4OWViYzkzYTBmOTlkYTc2NjJmM2EzN2M2N2MzZWQ%253D" /></p>
<p dir="ltr" style="text-align: center;">&nbsp;</p>
<h2 dir="ltr">NSX-T 2.4 Simplifies Networking for Kubernetes</h2>
<h2 dir="ltr" style="text-align: center;"><img src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYmY0NTg3MDg4MGQuanBnJnZlcnNpb249MDAwMCZzaWc9OWE1MjQ5OGUzZmVkOTYzYTYxNzAzZjVlODg1ZWNmZmI%253D" style="float: left;" /></h2>
<p dir="ltr">NSX-T 2.4 is a <a href="https://blogs.vmware.com/networkvirtualization/2019/02/introducing-nsx-t-2-4-a-landmark-release-in-the-history-of-nsx.html/" target="_blank">landmark release</a> for VMware&rsquo;s network virtualization platform. It delivers new levels of operational simplicity, infrastructure-as-code, plus intrinsic security, scale, resilience, and performance. Enterprise PKS 1.4 adds support for NSX-T 2.4. What&rsquo;s more, you don&rsquo;t pay a dime extra - it&rsquo;s included with the service!</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">PKS 1.4 Helps You Run in Production, at Scale</h2>
<p dir="ltr">PKS 1.4 adds new operational capabilities to help you get the maximum value from Kubernetes. Here are a few highlights:</p>
<ul>
<li dir="ltr">
<p dir="ltr"><strong>Pod Security Policies offer more control over workload execution. </strong>Pod Security Policies are a cluster-level resource that defines a set of run conditions a pod must adhere to in order to be accepted into the system.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Cluster Admin resource quotas limit memory and vCPU usage. </strong>PKS operators can now put an upper limit on the total memory and compute resources a user can allocate across one or more clusters.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Self-service KubeConfig replaces complex scripts.</strong> Developers can access their KubeConfig without custom security scripts. It&rsquo;s all thanks to UAA/LDAP integration.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Backup and restore for all types of clusters. </strong>Operators can recover single and multi-master clusters from unplanned outages.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>New Pod and Cluster log sinks for more flexibility.</strong> Developers can send pod logs via Webhook and cluster metrics via Telegraf input/output plugins.</p>
</li>
</ul>
<ul>
<li dir="ltr">
<p dir="ltr"><strong>Update existing clusters for dynamic reconfiguration.</strong>&nbsp;Operators can update the settings of a deployed cluster either via CLI or API. Network profiles will be the first area to receive this capability.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>Per-cluster DNS resolution for multi-tenant DNS isolation. </strong>Operators can customize cluster DNS to suit tenants and/or workloads via network profiles.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>vRealize Operations Suite observability for Hosts and Containers.</strong> Integration with VMware&rsquo;s monitoring suite provides a single infrastructure view, now including resources and workloads running in Kubernetes.</p>
</li>
</ul>
<p>PKS 1.4 is now available for download from&nbsp;<a href="https://network.pivotal.io/products/pivotal-container-service">the Pivotal Network</a>.</p>
<p>&nbsp;</p>
<h2 dir="ltr">Kubernetes 1.14 Opens Windows&hellip; Workloads</h2>
<p dir="ltr"><a href="https://kubernetes.io/blog/2019/03/25/kubernetes-1-14-release-announcement/" target="_blank">Kubernetes 1.14</a> has declared Windows Node support to be &ldquo;stable,&rdquo; enabling clusters to support both Linux and Windows Server (including Nano) operating systems. <strong>Kubernetes 1.14 will ship with Enterprise PKS 1.5</strong>, and will open up Kubernetes to the world of .NET applications like never before. And the timing couldn&rsquo;t be better, as we&rsquo;re approaching the <a href="https://www.microsoft.com/en-us/cloud-platform/windows-server-2008" target="_blank">End-of-Support for Windows Server 2008</a> in less than a year.</p>
<p dir="ltr">PAS customers have long enjoyed full Windows support, built on BOSH&rsquo;s stemcell model for embedded operating system images. Because Enterprise PKS also relies on BOSH, operational maturity, seasoned through many years of managing the Windows OS in PAS, will automatically be available to PKS customers.</p>
<p dir="ltr" style="text-align: center;"><img src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYmY0NmNhZThhNzMucG5nJnZlcnNpb249MDAwMCZzaWc9YzM5M2I1YmQyNjU3YjJkMjM3Y2UxZWMzZjNhNjFkZDQ%253D" /></p>
<p dir="ltr" style="text-align: center;">&nbsp;</p>
<h2 dir="ltr">Get Started with Enterprise PKS 1.4 Today</h2>
<p dir="ltr">PKS 1.4 is now available for download from&nbsp;<a href="https://network.pivotal.io/products/pivotal-container-service">the Pivotal Network</a>.</p>
<p dir="ltr">For more information on PKS 1.4 &nbsp;you can also check out the&nbsp;<a href="http://blogs.vmware.com/cloudnative/2019/04/23/enterprise-pks-1-4/" target="_blank">VMware blog</a>.</p>
<h2>Sign up for the PKS 1.5 Beta.</h2>
<p>Want to test-drive Windows on Kubernetes? Then <a href="https://k8s.vmware.com/windows-containers-on-kubernetes/" target="_blank">sign up for the Enterprise PKS 1.5 beta</a>. We&rsquo;ll be in touch in the coming weeks.</p>
<h3 dir="ltr">Sign up for a Kubernetes Webinar with T-Mobile and Forrester:</h3>
<ul>
<li dir="ltr">
<p dir="ltr"><a href="https://content.pivotal.io/webinars/may-29-deploying-kubernetes-to-drive-business-not-complexity-webinar">Deploying Kubernetes to drive business not complexity</a></p>
</li>
</ul>
<h3>View these Recent Kubernetes Webinars:</h3>
<ul>
<li dir="ltr">
<p dir="ltr"><a href="https://content.pivotal.io/webinars/apr-11-6-things-you-need-to-know-to-safely-run-kubernetes-webinar">6 Things You Need To Know To Safely Run Kubernetes</a></p>
</li>
<li dir="ltr">
<p dir="ltr"><a href="https://content.pivotal.io/webinars/apr-30-how-to-configure-kubernetes-for-enterprise-workloads-webinar">How To Configure Kubernetes For Enterprise Workloads</a></p>
</li>
<li dir="ltr">
<p dir="ltr"><a href="https://content.pivotal.io/webinars/mar-13-pcf-the-power-of-cloud-foundry-and-kubernetes-in-a-single-platform-webinar">The Power Of Cloud Foundry and Kubernetes In A Single Platform</a></p>
</li>
</ul>
<h3>Read these Blog Posts:</h3>
<ul>
<li dir="ltr">
<p dir="ltr"><a href="https://content.pivotal.io/intersect/the-cios-guide-to-kubernetes">The CIOs Guide To Kubernetes</a></p>
</li>
<li dir="ltr">
<p dir="ltr"><a href="https://content.pivotal.io/blog/3-reasons-behind-t-mobile-s-success-with-kubernetes">3 Reasons Behind T-Mobile&rsquo;s Success With Kubernetes</a></p>
</li>
<li dir="ltr">
<p dir="ltr"><a href="https://content.pivotal.io/blog/bosh-fundamentals-for-pks">BOSH Fundamentals for PKS Administrators</a></p>
</li>
</ul>
<h3>And <a href="https://springoneplatform.io/" target="_blank">Join us at SpringOne Platform!</a></h3>
https://content.pivotal.io/blog/enterprise-pks-kubernetes-windows
517504945
Tue, 23 Apr 2019 13:27:58 -0400
Elisabeth Hendrickson
A Brief History of Agile, Part 1: The Rise of Waterfall
<p dir="ltr"><em>The story of Agile has only just begun. This post is the first of three in a series documenting the history of Agile, an approach to software found across the world&mdash;from Airbnb to Apple, startups to multinational companies&mdash;focused on iterative development. By understanding the past of this methodology, we can gain insight into software&rsquo;s future.</em></p>
<p>Agile is not really about computers or software; it&rsquo;s about the organization of people. And to properly tell this story, we&rsquo;ll need to stop at a few places with a theoretical time machine. So let&rsquo;s start in 1799, with the foundation of the Royal Institution of Great Britain (the Ri). The Ri remains a premier academy for the best scientists and natural philosophers to this day, but the real reason we start our journey here is to show just how young our industry really is.</p>
<p dir="ltr">Let&rsquo;s jump to 1818, with the founding of the Institution of Civil Engineers. This professional body came together just over 200 years ago, even though bridge building has been around for much longer as a trade. Bridge building is often used as a metaphor for software delivery&mdash;the team comes together to build something resilient that will be used by the masses.</p>
<p>&nbsp;</p>
<h2 dir="ltr">Stars, Missiles, and Moon Landers</h2>
<p>Now we travel to 1875, when &ldquo;human computers,&rdquo; along with the terms computing and computers, were used for the first time. These computers were actually a group of women at a Harvard University lab doing star chart analysis. At this period in time, the &ldquo;high sciences&rdquo; were done predominantly by men, and the data processing and computational work was done by the women in these types of labs. Despite the scenario, these women went on to make some amazing discoveries&mdash;including spectral analysis of stars and celestial bodies to determine the material makeup of planets and stars.</p>
<p dir="ltr" style="text-align: center;"><img src="https://lh4.googleusercontent.com/K7HZ-aP1l9wruE5EAo8MFzKN1mvaVlVOfoAhf3UmYmo0Mh6cIKQFDBNyYGwqU3IN82MRKo0_2_NuqNtzseG62drSwoaxu9mmxRn-k3hnZa4a5BwU43GmW8O33zraXNZ3M7EcmLVq" /></p>
<p dir="ltr" style="color: rgb(170, 170, 170); font-style: italic; text-align: center;"><sup>Photo courtesy of Wikimedia Commons</sup></p>
<p dir="ltr">From the stars of 1875 we&rsquo;ll move briskly into the 1940s, when the first Turing complete computer was created. This was done predominantly around the second World War for the use of ballistic missile trajectories and code-breaking. This is where we see the first real computers&mdash;as we know them&mdash;really start to take shape. Even though these machines used more analog technologies (vacuum tubes rather than silicon chips), they might still be something that we&rsquo;d recognize today.</p>
<p dir="ltr">In 1965, Margaret Hamilton, a developer at NASA, coined the term &ldquo;software engineering.&rdquo; But, similar to the days of the &ldquo;human computers&rdquo; at Harvard, software was seen as a kind of second-class, lower science and less interesting work. Hamilton was a big proponent of trying to bring discipline from hardware engineering into the realm of software engineering. She famously said, &quot;The space mission software had to be man-rated. Not only did it have to work, it had to work the first time. And not only did the software itself have to be ultra-reliable, it needed to be able to perform error detection and recovery in real time.&quot; A significant, intense ask that makes me grateful we have some abstractions to help us with our software delivery today.</p>
<p dir="ltr" style="text-align: center;"><img src="https://lh5.googleusercontent.com/TCvYyT0xrnYZE1F6k1_S5gGDjadsgQoPXVs5f71NfGuiCDb8-tEaa8z89dMfSE-Ddj_3UJbmFSViEAKXZa_ph01iDs3JIj8zP5HJbissR8g0O8VBvhj7IuurEbbAOT3bBUy0PvjC" /></p>
<p dir="ltr" style="color: rgb(170, 170, 170); font-style: italic; text-align: center;"><sup>Hamilton at NASA, Photo courtesy of Creative Commons</sup></p>
<p dir="ltr">We can see that many of the early software projects were about the critical importance of maintaining safety. Sending people into space has to be right the first time. Space missions are incredibly expensive and there&rsquo;s a huge amount of government funding and accountability. The same goes for the cryptanalysis during World War II, when lives were hanging in the balance. These projects were so safety critical that they required a cautious method, which is how we get to early Waterfall development.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">A Risky Implementation That Invites Failure</h2>
<p dir="ltr">In 1970, Winston Royce published a paper called <em>Managing the Development of Large Software Systems</em>, in which he draws the following graph, which looks very much like a waterfall going from system requirements, analysis, coding, testing, and operations.</p>
<p dir="ltr" style="text-align: center;"><img src="https://lh6.googleusercontent.com/P21HxIwg-3tQPBW-ZKq4nd1FWNTlXGIrQdiAn3WxBXsge6inNXMVKuLhffEFgOdR8IkRFyZUp5q5pNwrNtkonf2pLAeAQ4VVyWWRd2evQwCUWlwTd0zGo6-NrGYAUwBvrHLddMdO" /></p>
<p dir="ltr">But before we burden Royce too much, immediately after this graphic he says, &quot;I believe in this concept, but the implementation described above is risky and invites failure. Required design changes are likely to be so disruptive that the software requirements upon which the design is based and which provides the rationale for everything are violated.&quot;</p>
<p dir="ltr">In other words, Royce is saying that cost increases as time goes on, and this graph really represents that. If the cost of change is exponential in these systems, then it demands that you know exactly what&#39;s happening in the previous step. It has to be accurate. It has to be validated before going to the next step because, as you move through each step, it gets exponentially more expensive if a change is required, whether that is an error or a change of the requirements.</p>
<p dir="ltr" style="text-align: center;"><img src="https://lh3.googleusercontent.com/tfZ8Jxhlb7dI3Ar56RbagBoozeWcVsHnatL4_CCf5l6flf_nUPztVo5YfxPZEI2sHJeDn5exW9MWi-pMbDOWMW53oimDXHimtTs-sJSMVJImXk2O2qb-_aHAsQzBfAWLoaYe9pA7" /></p>
<p><br />
&nbsp;</p>
<h2 dir="ltr">Tragic Consequences</h2>
<p dir="ltr">With Waterfall, there&rsquo;s a strict structure, which means every decision has to be right, and every advancement requires a formal sign-off. What follows are some case studies (some more extreme than others) where the perfectionism of a waterfall process broke down:</p>
<p>The mid-1980s gave us wonderful music and regrettable hair choices, but there were also some tragic engineering missteps. Take the Therac-25, a computer-controlled X-ray machine that accidentally gave at least six patients&nbsp;<a href="https://hackaday.com/2015/10/26/killed-by-a-machine-the-therac-25/" target="_blank">a massive overdose of radiation</a>, hundreds of times greater than the intended amount.</p>
<p dir="ltr">This ultimately led to three deaths due to radiation poisoning, and reports that followed placed the blame on overconfident engineers, a lack of process to resolve reported bugs, and poorly-designed malfunction alerts to the radiologist. The machine knew that it was giving too high a dosage, and it would show a very ambiguous message to the radiologist who was then able to override the system and issue a really significant and lethal radiation dosage.</p>
<p dir="ltr">Another example can be seen in London&rsquo;s computer-aided dispatch in 1992. This was a computer system, which aimed to replace a paper-based system and increase the efficiency for the dispatch of London ambulances. Great idea but the result was a disaster. It saw multiple units being sent to the same address and no units being sent to others. Calls got lost, which resulted in repeat calls, which were logged in the system individually. This congested system couldn&rsquo;t handle the volume of calls, which was unexpectedly high because they were able to accurately dispatch the ambulances.</p>
<p>There was no rollback. There was no plan B. The process only included one plan, with no adaptability. In the media that followed, there were reports of between 30 and 45 deaths, all due to a software release process gone horribly wrong.</p>
<p>&nbsp;</p>
<h2 dir="ltr">Takeaways From The Failures of Waterfall</h2>
<h3 dir="ltr">Assumptions About The Accuracy Of the Previous Step</h3>
<p dir="ltr">If we go back to the waterfall process you can see the major failings: the inaccurate assumptions, and the clunky sign-off process. But these are related. Often in Waterfall, the people who are signing off for a team to get to the next step are not the most familiar with the project. They&rsquo;re just looking through requirements and saying whether everything looks good. This top-down approach defaults to a process where those who sign off are making assumptions, and they don&rsquo;t have the day-to-day experience of working on the project to help their judgment.</p>
<h3 dir="ltr">Too Much Pressure Around Fixed Scope, Time, and Cost</h3>
<p dir="ltr">When managers push developers and their teams to work longer and harder to meet their contractual demands, it&rsquo;s ultimately going to result in poorer quality software. Teams are going to make sure they get that sign-off without necessarily checking whether what they are building is the right implementation.</p>
<h3 dir="ltr">Integrated Testing Happens Too Late, If At All</h3>
<p dir="ltr">In the case of Therac-25, there was no end-to-end testing. The first time that everything worked together was in the hospital itself, which is quite a scary thought.</p>
<h3 dir="ltr">No Validation Of User Needs and Interactions</h3>
<p dir="ltr">Again, think about those radiologists and the messages which they would see, or how the ambulance dispatchers were overwhelmed by the call volumes and how to handle them. There was no A/B test, no small trial, just a really big launch that proved many people didn&rsquo;t understand what was really needed to solve the problem accurately.</p>
<h3 dir="ltr">Process, Not People-Centric</h3>
<p dir="ltr">Ultimately, Waterfall&rsquo;s biggest failing is that it puts its trust in a system, not the people working on a product. If your system does not empower the team to test ideas and change requirements based on these tests, then it is simply structure for the sake of structure. This reduces the accountability of individuals and puts more emphasis on successfully passing a gate, over building the right product.</p>
<p>&nbsp;</p>
<h2 dir="ltr">The Path To Agile</h2>
<p dir="ltr">We&rsquo;ve covered a lot so far, and many brilliant people. Margaret Hamilton and Winston Royce pioneered the Waterfall method and then Thomas E. Bell and T.A. Thayer help bring the term to the forefront (the first use of &ldquo;waterfall&rdquo; may have been in <a href="https://static.aminer.org/pdf/PDF/000/361/405/software_requirements_are_they_really_a_problem.pdf" target="_blank">this paper</a>) by the late 1960s. But despite a name that suggests free flowing movement, not much happens to improve the Waterfall process after 1976. There is a small amount of progress around the discipline of project management, but the structure remains largely intact.</p>
<p>And while the cautious Waterfall approach resulted in some breakthroughs, there are some clear ramifications of following it strictly. In order to get us to 2001, when <a href="https://agilemanifesto.org/" target="_blank">the Agile manifesto</a> is created and published, we have to look at another industry&mdash;manufacturing&mdash;and how it evolved and influenced thousands of companies across the world. We&rsquo;ll explore this path in part two of this blog series.</p>
https://content.pivotal.io/blog/a-brief-history-of-agile-part-1-the-rise-of-waterfall
516398836
Thu, 25 Apr 2019 16:58:40 -0400
Robbie Clutton
It’s Time to Marry DevOps and Cybersecurity
<p dir="ltr" style="text-align: center;"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYWZjOTJmMWE0ZTEuanBnJnZlcnNpb249MDAwMCZzaWc9ZjNiZjkxMDJhZjE0MTZiNzAyOTMyZDIzMzViNDliZmU%253D" /></p>
<p dir="ltr">I had the opportunity to speak at <a href="https://2019.fossasia.org/" target="_blank">FOSSASIA Summit 2019</a>, Asia&rsquo;s premier developer event, which was held from March 14th to 17th this year in Singapore. This year also marked the 10th year anniversary of the summit, and it was an absolute pleasure to be part of the occasion.</p>
<p dir="ltr">In a room with almost 200 developers, programmers, and technologists, I shared my thoughts on <em>Integrating DevOps and Cybersecurity</em>. Similar to my session topic, this post will explore why integrating DevOps and cybersecurity is a business imperative today.</p>
<p>&nbsp;</p>
<h2 dir="ltr">Why DevOps and Cybersecurity?</h2>
<p dir="ltr">To succeed in the growing digital economy, organisations need to transform their operations to accommodate the increased market speed, and implementing a <a href="https://pivotal.io/devops">DevOps</a> culture and platform is a great place to start. Organisations also need their teams to be able to respond to business needs swiftly. Bringing together development (Dev) and IT operations (Ops), as well as a platform that enables developers to deploy the code they build, improves business scalability and innovation. It also facilitates greater collaboration, communication and joint responsibility for the success of software delivery.</p>
<p>In recent years, however, the risk landscape has changed drastically. Cyberattacks are rising in frequency, complexity, and impact as attackers take advantage of security risks to infiltrate enterprise infrastructure. As such, more organisations are amending their business priorities to include cybersecurity strategies. According to IDC&rsquo;s <a href="https://www.idc.com/getdoc.jsp?containerId=prUS44935119" target="_blank">Worldwide Semiannual Security Spending Guide</a>, worldwide spending on security-related hardware, software and services is estimated to reach $103.1 billion in 2019, an increase of 9.4% from 2017.</p>
<p dir="ltr">Given the scale and velocity imposed by processes in today&rsquo;s threat landscape, organisations can no longer depend on current reactive approaches to cybersecurity. They will need to take a &lsquo;<a href="https://content.pivotal.io/blog/runc-vulnerability-secure-by-default-platform?utm_source=pivotal-newsletter&amp;utm_medium=email-link&amp;utm_campaign=external-newsletter&amp;mkt_tok=eyJpIjoiWmpjMU5ETmlNbVExTVdVNCIsInQiOiJaOTVCQUdLVzRCWWprTWRhUmR6RjYwWWVTcjV6aGhUUjZNZnZidjNQV1pXOUNjSng3OGZBRlkrRU1xOVk1a0tUd0NSWllJeEQ2T2tSMnY1TXV5dzVGdz09In0%3D">secure by default</a>&rsquo; posture, integrating cybersecurity right from the start. To balance technology and risk reduction, organisations must consider a DevSecOps strategy (this hot new buzzword is really just about combining DevOps with <a href="https://pivotal.io/cloud-native-security">cloud-native security</a> principles) due to its proven effectiveness.</p>
<p>&nbsp;</p>
<h2 dir="ltr">Metrics to Measure Your Cloud-Native Security</h2>
<p dir="ltr">A successful DevOps strategy comprises several characteristics which will impact the culture, process, and tooling in an organisation&mdash;the same applies to any DevSecOps methodologies that organisations are adopting.</p>
<p dir="ltr">By making security intrinsic across all processes, the DevOps and security teams will need to work even closer than before. However, it&rsquo;s a challenge for security teams to avoid becoming a bottleneck. Security methods have to keep up as businesses become more agile and want to reduce the time-to-market of new products and features.</p>
<p dir="ltr">To successfully adopt DevSecOps methodologies, organisations will need to create a culture that fosters cross-team collaborations and innovation. As with other new processes, organisations will need to introduce outcomes and metrics that are focused on security to ensure all teams are aligned. These can be:</p>
<p>&nbsp;</p>
<h3 dir="ltr">1. Security Flow: Improve velocity to fix problems faster</h3>
<ul>
<li dir="ltr">
<p dir="ltr">Time to Patch Servers</p>
</li>
<li dir="ltr">
<p dir="ltr">Time to Detect / Time to Exploit</p>
</li>
<li dir="ltr">
<p dir="ltr">Release Efficiency (time spent on coding vs testing)</p>
</li>
<li dir="ltr">
<p dir="ltr">Accuracy of Test Suites (number of False Positives / False Negatives)</p>
</li>
</ul>
<p>&nbsp;</p>
<h3 dir="ltr">2. Resilience: Improve your capacity to respond and recover</h3>
<ul>
<li dir="ltr">
<p dir="ltr">Mean Time to Recovery</p>
</li>
<li dir="ltr">
<p dir="ltr">Time Since Last Rebuild</p>
</li>
</ul>
<p>&nbsp;</p>
<h3 dir="ltr">3. Risk Reduction: Reduce the risk that matters at the source</h3>
<ul>
<li dir="ltr">
<p dir="ltr">Percentage of Code Covered by Tests (TDD)</p>
</li>
<li dir="ltr">
<p dir="ltr">Time Since Last Patch</p>
</li>
<li dir="ltr">
<p dir="ltr">Time Since Last Rotation of Certificates / Passwords</p>
</li>
<li dir="ltr">
<p dir="ltr">Number of Threat Scenarios / Abuser Cases identified and tested</p>
</li>
<li dir="ltr">
<p dir="ltr">Number of Human Modifications in Production</p>
</li>
</ul>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">Security Cannot be an Afterthought</h2>
<p dir="ltr">By starting security in an outcome-driven manner, organisations can determine the metrics they would like to improve. This will in turn impact <a href="https://content.pivotal.io/blog/smarter-cybersecurity-strategies">how organisations plan out their processes</a>. Some questions your team might want to ask include: Do we need more automation? Do we need more upfront testing? Are we trying to improve compliance?</p>
<p dir="ltr">Without clearly-defined outcomes and metrics, results achieved by the teams can become subjective and teams may be misaligned on the goals that they should be collectively working towards. And the safety of a business and its customer data cannot afford to be needlessly unclear or at-risk.</p>
<p dir="ltr">Culture plays a vital role in helping organisations successfully adopt DevSecOps methodologies and become Agile. As with DevOps, whereby developers and operations work closely together, security should not be siloed either&mdash;it should be everyone&rsquo;s responsibility. Having a common, collaborative mindset across teams will break down any barriers and support the agility that their core business and the modern threat environment demand.</p>
<p>&nbsp;</p>
<p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;">&nbsp;</p>
<hr />
<p><em>Want to hear about some real-world examples of modern security? <a href="https://content.pivotal.io/webinars/feb-20-cloud-native-security-processes-and-tools-for-real-world-transformation-webinar">Watch a replay of this conversation</a> that discusses application development code security in pre-production as well as runtime security at scale.</em></p>
https://content.pivotal.io/blog/devops-and-cybersecurity
514543968
Thu, 11 Apr 2019 19:11:05 -0400
Sachin Shridhar
Metric Store: A Cloud-Native Time Series Database for Cloud Foundry
<p dir="ltr"><a href="https://www.cloudfoundry.org/">Cloud Foundry</a> strives to simplify operational tasks for the application developer whenever possible.</p>
<p>For example, Cloud Foundry (CF) makes application deployment and application monitoring relatively trivial for developers. Self-service access to telemetry is a big part of this convenience. CF serves up logs, events, and metrics so developers can better understand the health of their app.</p>
<p>This experience within CF has gotten even better recently with the addition of the <a href="https://github.com/cloudfoundry/log-cache">Log Cache</a>, an in-memory firehose cache.</p>
<p>Today, we are pleased to announce a new feature that even further improves the access to telemetry: <a href="https://github.com/cloudfoundry/metric-store-release">Metric Store</a>, a time-series database for Cloud Foundry. Let&rsquo;s talk about how this new capability improves on the idea behind Log Cache, and ultimately, the developer experience.</p>
<p>When we initially released Log Cache, one of the most frequent user requests was a longer cache duration and durability across VM restarts. We addressed some of those desires with more VMs and more memory. But we quickly understood that the community was asking for a different product altogether. When we continued hearing requests for persistence, compression, and a robust query interface, it became clear that what they really wanted was a time series database.</p>
<p>Metric Store features the auth model from Log Cache, the PromQL API from Prometheus, and the <a href="https://docs.influxdata.com/influxdb/v1.7/concepts/storage_engine/">Time-Structured Merge storage engine</a> from InfluxDB. After mixing this all together, we created Metric Store, a new component that persists all metrics from the Cloud Foundry Loggregator pipeline on its disk.</p>
<p>Here are three things you need to know about this new data store:</p>
<ol>
<li dir="ltr">
<p dir="ltr"><strong>It&rsquo;s multi-tenant aware. </strong>You only have access to metrics from your apps.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>It&rsquo;s easy to query. </strong>Metric Store is 100% compatible with the Prometheus API.</p>
</li>
<li dir="ltr">
<p dir="ltr"><strong>It has a powerful storage engine. </strong>The InfluxDB storage engine has built-in compression and a memory-efficient series index.</p>
</li>
</ol>
<p>Install Metric Store, and you&rsquo;ll get a single VM to ingest all the counter and gauge metrics from the Loggregator Reverse Log Proxy. And you&rsquo;ll be able to query them immediately using the PromQL HTTP API.</p>
<p>Metric Store is now available for open source users of Cloud Foundry. You can deploy a single-node Metric Store with the BOSH release on the official <a href="https://bosh.io/releases/github.com/cloudfoundry/metric-store-release?all=1">BOSH release registry</a>. The <a href="https://github.com/cloudfoundry/metric-store-release">code is up on GitHub</a>.</p>
<p>We are also exploring a commercial version for use with <a href="https://pivotal.io/platform">Pivotal Cloud Foundry</a>. We can imagine that some customers might be interested in multi-node deployments, data replication, hinted handoff, and load balancing in a highly-available configuration. (We&rsquo;re exploring how Metric Store might work for Kubernetes as well.)</p>
<p>Now you know how Metric Store improves app observability in Cloud Foundry. Let&rsquo;s examine how it works.</p>
<h2 dir="ltr">An Inside Look at Metric Store</h2>
<p dir="ltr">Metric Store is composed of four processes:</p>
<ol>
<li dir="ltr">
<p dir="ltr">The <strong>Nozzle</strong> connects to the RLP and provides filtered and formatted data to Metric Store.</p>
</li>
<li dir="ltr">
<p dir="ltr">The <strong>Gateway</strong> is a gRPC to JSON converter that allows incoming HTTPS queries from GoRouter.</p>
</li>
<li dir="ltr">
<p dir="ltr">The <strong>Auth Proxy</strong>&nbsp;takes in valid PromQL queries and filters access based on user-provided UAA tokens.</p>
</li>
<li dir="ltr">
<p dir="ltr">And finally, <strong>Metric Store</strong> is responsible for data storage and query processing.</p>
</li>
</ol>
<p>This diagram shows how they all fit together:</p>
<p dir="ltr"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYWU0OWJiNWUzZTIucG5nJnZlcnNpb249MDAwMCZzaWc9Y2ViYjZhZjRjNTIxYjlmOGRhYjJiOTUwMjIyYjBkMDQ%253D" /></p>
<p>With the exception of Metric Store itself, most of the other components are very similar to their counterparts in Log Cache. There were some additions made to the Auth Proxy to allow expanded PromQL support. But otherwise very little has changed.</p>
<p>The Metric Store process is where the magic happens. As mentioned above, we made the decision to use the InfluxDB storage engine for data persistence. This delivers great read and write performance in addition to native compression. We are also using the new <a href="https://docs.influxdata.com/influxdb/v1.7/concepts/time-series-index/">TSI index format</a>, which provides a tremendous reduction in the memory needed to store high-cardinality data. Additionally, on-disk shards span one day, so it&rsquo;s easy to truncate an entire day of data when it reaches the <a href="https://github.com/cloudfoundry/metric-store-release/blob/develop/jobs/metric-store/spec#L31-L33">user-configurable retention period</a>.</p>
<p>The storage engine features a flexible query interface, which in turn simplified the implementation of the PromQL query parser. The end result is a full-featured <a href="https://prometheus.io/docs/prometheus/latest/querying/api/">PromQL API</a>. That means Metric Store can operate with other Prometheus-compatible tools, such as <a href="https://grafana.com/">Grafana</a>.</p>
<h2 dir="ltr">How to Deploy Metric Store with Cloud Foundry</h2>
<p dir="ltr">Want to test Metric Store with an open-source Cloud Foundry installation? You can use the <a href="https://github.com/cloudfoundry/metric-store-release/blob/master/manifests/ops-files/add-metric-store-to-cfd.yml">operations file</a> available in the Metric Store release. We recommend you deploy this alongside cf-deployment. It will provide you with a Metric Store that is available at <code>https://ossms.SYSTEM_DOMAIN</code>. It will automatically ingest all application metrics and platform metrics.</p>
<p>Check out the <a href="https://github.com/cloudfoundry/metric-store-release/blob/master/README.md">readme of the metric-store-release</a> repository for additional details and useful information.</p>
<p dir="ltr">Once you have Metric Store up and running, you can start using it for application or platform monitoring. In the following example, we explain the basics of the Prometheus Query Language. Then, we show the power of the Metric Store with the help of a few sample use cases.</p>
<h3 dir="ltr">The Basics</h3>
<p dir="ltr">The Prometheus Query Language allows you to query for a metric, and then filter the results by tag. (See <a href="https://prometheus.io/docs/prometheus/latest/querying/basics/#instant-vector-selectors">here</a> for more details). For example, when you want to see the current CPU consumption of the third instance of your app, you can use the following query:</p>
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>cpu{source_id=&quot;APP_GUID&quot;,instance_index=&quot;3&quot;}</code></div>
<p>You can also get past data. If you are interested in the memory consumption of the same app instance over the last 3 hours, you can modify the above query like this:</p>
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>memory{source_id=&quot;APP_GUID&quot;,instance_index=&quot;3&quot;}[3h]</code></div>
<p><span style="color: rgb(85, 85, 85); font-size: 22px; font-weight: 700;">Use Case: Find all apps that on average used less than 25% of their allocated memory over the last six hours</span></p>
<p>Imagine you want to create a list of apps that don&rsquo;t use their allocated memory efficiently. You could downscale these apps to save money. You can run the following query against Metric Store to identify the potential candidates for downscaling:</p>
<div dir="ltr" style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><code>curl -s -G -k -H &quot;Authorization: $(cf oauth-token)&quot; http://ossms.system.johannes.loggr.cf-app.com/api/v1/query --data-urlencode &quot;query=avg(avg_over_time(memory[5m])) by (source_id) / avg(avg_over_time(memory_quota[5m])) by (source_id) &lt; 0.25&quot; | jq .</code></div>
<p>This query provides a result like the following, which identifies overscaled applications with their application GUID&nbsp;and their current memory consumption.</p>
<div dir="ltr" style="background:#eee;border:1px solid #ccc;padding:5px 10px;">
<pre>
<code>{
  &quot;status&quot;: &quot;success&quot;,
  &quot;data&quot;: {
    &quot;resultType&quot;: &quot;vector&quot;,
    &quot;result&quot;: [
      {
        &quot;metric&quot;: {
          &quot;source_id&quot;: &quot;a44b33e4-82dd-4566-9814-8b23a42a4558&quot;
        },
        &quot;value&quot;: [
          1553836160.157,
          &quot;0.07624240294098855&quot;
        ]
      },
      {
        &quot;metric&quot;: {
          &quot;source_id&quot;: &quot;184487e6-0153-4162-b30c-f9c1b72d9dcd&quot;
        },
        &quot;value&quot;: [
          1553836160.157,
          &quot;0.062369791418313975&quot;
        ]
      }
    ]
  }
}
</code></pre>
</div>
<p><em>Note: You have to have admin privileges to run this query.</em></p>
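<p>The Python sketch below is an added example, not code from the original post or the Metric Store project. It builds the same instant query against the PromQL HTTP API, refuses to attach the UAA token to a non-TLS URL, and parses the response shape shown above, including the API&rsquo;s error envelope and non-finite values. The function names, the placeholder token, and the last two sample entries are assumptions constructed for illustration.</p>

```python
import json
import math
from urllib.parse import urlencode
from urllib.request import Request

# The page gives https://ossms.SYSTEM_DOMAIN as the endpoint; SYSTEM_DOMAIN is a placeholder.
BASE_URL = "https://ossms.SYSTEM_DOMAIN"

# The PromQL expression from the use case above.
QUERY = ("avg(avg_over_time(memory[5m])) by (source_id) / "
         "avg(avg_over_time(memory_quota[5m])) by (source_id) < 0.25")

# First two entries are the page's sample output; the last two are constructed
# to exercise a NaN ratio and a value above the threshold.
SAMPLE_RESPONSE = json.dumps({
    "status": "success",
    "data": {"resultType": "vector", "result": [
        {"metric": {"source_id": "a44b33e4-82dd-4566-9814-8b23a42a4558"},
         "value": [1553836160.157, "0.07624240294098855"]},
        {"metric": {"source_id": "184487e6-0153-4162-b30c-f9c1b72d9dcd"},
         "value": [1553836160.157, "0.062369791418313975"]},
        {"metric": {"source_id": "00000000-0000-0000-0000-000000000001"},
         "value": [1553836160.157, "NaN"]},
        {"metric": {"source_id": "00000000-0000-0000-0000-000000000002"},
         "value": [1553836160.157, "0.8"]},
    ]},
})

# Error envelope of the Prometheus HTTP API (constructed message text).
SAMPLE_ERROR = json.dumps({
    "status": "error", "errorType": "bad_data", "error": "constructed parse error",
})


def build_request(base_url, promql, token):
    """Build (but do not send) the instant-query request.

    `token` is the output of `cf oauth-token`. The bearer token is only
    attached when the URL uses TLS, so it never travels in cleartext.
    """
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-TLS URL")
    url = base_url.rstrip("/") + "/api/v1/query?" + urlencode({"query": promql})
    return Request(url, headers={"Authorization": token})


def parse_instant_vector(body):
    """Return {source_id: value} from an instant-query response body."""
    doc = json.loads(body)
    if doc.get("status") != "success":
        raise RuntimeError("query failed: %s: %s"
                           % (doc.get("errorType"), doc.get("error")))
    data = doc.get("data") or {}
    if data.get("resultType") != "vector":
        raise ValueError("expected an instant vector, got %r" % data.get("resultType"))
    ratios = {}
    for sample in data.get("result", []):
        source_id = sample.get("metric", {}).get("source_id")
        _timestamp, raw = sample["value"]
        value = float(raw)  # sample values are JSON strings; "NaN" and "+Inf" are possible
        if source_id is None or not math.isfinite(value):
            continue  # skip series without a GUID or with an undefined ratio
        ratios[source_id] = value
    return ratios


def downscale_candidates(body, threshold=0.25):
    """Return (source_id, ratio) pairs below the threshold, lowest ratio first."""
    ratios = parse_instant_vector(body)
    hits = [(sid, ratio) for sid, ratio in ratios.items() if ratio < threshold]
    return sorted(hits, key=lambda pair: pair[1])


if __name__ == "__main__":
    request = build_request(BASE_URL, QUERY, "bearer PLACEHOLDER_TOKEN")
    print(request.full_url)
    for source_id, ratio in downscale_candidates(SAMPLE_RESPONSE):
        print("%s uses %.1f%% of its memory quota" % (source_id, ratio * 100))
```

<p>Sending the request with <code>urllib.request.urlopen</code> keeps certificate verification on by default, unlike the <code>-k</code> flag in the curl command.</p>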
<h2 dir="ltr">What&rsquo;s Next for Metric Store</h2>
<p dir="ltr">Next up for Metric Store: operability enhancements. As part of that, we are improving the monitoring aspects of the Metric Store and adopting the <a href="https://github.com/pivotal/monitoring-indicator-protocol">Monitoring Indicator Protocol</a>. We also plan to continue to explore the commercial version, with enhanced replication and scaling capabilities. We&rsquo;re also looking at how this feature might be used with Kubernetes. After that, we want to add support for recording rules and ingestion of Prometheus-compatible scraping endpoints.</p>
<h2 dir="ltr">Tell Us What You Think!</h2>
<p>If you have any questions, comments, or thoughts about the new Metric Store, we would love to hear from you. You can find us in the <a href="https://cloudfoundry.slack.com/messages/CHB7BCZS8/details/">#metric-store channel</a> of the Cloud Foundry Slack. Also, feel free to open an issue in <a href="https://github.com/cloudfoundry/metric-store-release">our GitHub repository</a>.</p>
https://content.pivotal.io/blog/metric-store-a-cloud-native-time-series-database-for-cloud-foundry
514206894
Wed, 10 Apr 2019 17:49:26 -0400
Todd Persen
Betting On Community: Why Pivotal is All-In On Open Source
<p dir="ltr">At Pivotal, we&rsquo;re dedicated to drawing upon open source projects and contributing back to their respective communities. Why? Because we believe community-based development is an essential practice in the modern software era, both for our customers and ourselves.</p>
<p dir="ltr">Pivotal may be best known for Pivotal Cloud Foundry (PCF), our distribution of the&nbsp;<a href="https://www.cloudfoundry.org/" target="_blank">Cloud Foundry open source project</a>, managed by the foundation of the same name. But the truth is that we develop, sponsor, and contribute to numerous other open source projects. Foremost is our work on technologies for cloud-native computing, including Kubernetes, Concourse, the Open Service Broker API, Istio, Spinnaker, and Knative.</p>
<p dir="ltr">We&rsquo;re active in other projects, too, such as Apache Tomcat, Apache Geode, PostgreSQL, RabbitMQ, Spring, and&nbsp;<a href="https://pivotal.io/open-source">many more</a>.</p>
<p dir="ltr">We&rsquo;re also members and participants in several prominent open source foundations, including the Apache Software Foundation, the Cloud Native Computing Foundation, the Eclipse Foundation, the Linux Foundation, and TODO.</p>
<p dir="ltr">We take pride in contributing these activities toward the common cause, but they&rsquo;re also central to how we build software. Let&rsquo;s examine a number of ways in which the open source software model offers unique and compelling value.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">1. Broad Industry Collaboration Leads to True Best-of-Breed Components</h2>
<p dir="ltr">There remains a perception that much of open source development is done by college students and hobbyists. But in the world of enterprise open source, this is seldom the case. Just look at the roster of&nbsp;<a href="https://thenewstack.io/contributes-linux-kernel/" target="_blank">contributors to the Linux kernel</a> and you&rsquo;ll see that the world&rsquo;s largest enterprises are all investing heavily in open source software development. In many cases, major competitors will all contribute to the same projects.</p>
<p dir="ltr">The reasons for this &ldquo;coopetition&rdquo; are clear. In many cases, enterprise backend and infrastructure software is non-differentiating&mdash;that is, one auto manufacturer&rsquo;s ERP system for ordering tires offers no competitive advantage versus another&rsquo;s. Thus, there&rsquo;s no reason not to collaborate. By working together to create software that best supports the needs of their industries, enterprises can more easily automate mundane tasks and concentrate on achieving business outcomes. For example, Ford, Mercedes-Benz, and Volkswagen&mdash;all Pivotal customers&mdash;are all members of the Linux Foundation&rsquo;s <a href="https://www.automotivelinux.org/" target="_blank">Automotive Grade Linux (AGL)</a> initiative to develop open source automotive software, including infotainment systems, instrument clusters, driver assistance systems, and more.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">2. The Open Source Community is a Massive Pool of Talent</h2>
<p dir="ltr">For developers today, contributing to open source software is the norm, not an oddity. From recent grads to seasoned professionals, hardly anyone is likely to say they&rsquo;ve never touched an open source code base.</p>
<p dir="ltr">For organizations looking to recruit developers, that&rsquo;s a massive boon. With open source code freely accessible to all, the pool of talent with experience with major open source projects is vast. What&rsquo;s more, modern, internet-based development tools and methods, such as public cloud platforms, distributed source code control, and CI/CD pipelines mean the people with the skills to execute projects are seldom more than a stone&rsquo;s throw away.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">3. Open Source Goes Hand-in-Hand with Open Standards</h2>
<p dir="ltr">While the benefits of open source are generally well understood, the value of open standards is often overlooked, though no less important. Not so long ago, proprietary protocols and data formats routinely left customers locked into particular software products. Today, however, the proliferation of open, community-based standards&mdash;often developed in tandem with open source projects&mdash;has leveled the playing field.</p>
<p>What this gives customers is greater choice. It makes it easier to choose between different databases, message queues, document stores, and other components of their enterprise software stacks, and swap one out for another as deemed necessary. Communication between components need no longer be a barrier to flexibility.</p>
<p>&nbsp;</p>
<h2 dir="ltr">4. Greater Transparency Leads to Greater Security</h2>
<p dir="ltr">There&rsquo;s no better way to understand what your software is doing than to examine the code. Before the advent of open source, few software companies permitted such scrutiny. Today it&rsquo;s routine, and researchers around the world regularly audit open source projects for vulnerabilities, both independently and within the corporate world.</p>
<p>That&rsquo;s not to say open source means a project is bulletproof. All software contains flaws, and there will always be the occasional doozy that leads to a major crisis. But open source development methods make it that much more likely that critical vulnerabilities will be caught quickly and, through industry collaboration, can be mitigated <a href="https://content.pivotal.io/blog/happy-monday-how-to-fix-a-kubernetes-cve-before-your-boss-and-the-rest-of-the-world-reads-about-it">before users are exposed to harm</a>.</p>
<p>&nbsp;</p>
<h2 dir="ltr">5. Nothing in Tech Lasts Forever</h2>
<p dir="ltr">Today&rsquo;s business environment is all about agility. The pace of innovation means companies must iterate faster, issuing software releases weekly if not daily. New technologies emerge rapidly and reach widespread adoption at an unprecedented rate. (For example, Kubernetes is only just approaching its fourth anniversary.)</p>
<p dir="ltr">Keeping up with this rapid pace of change means keeping our ear to the ground. By participating in the open source discussion, Pivotal is able to better identify what&rsquo;s coming next and strategize how best to integrate it into our offerings, with minimal disruption to customers. For example, we&rsquo;re already exploring ways to integrate such projects as&nbsp;<a href="https://www.cloudfoundry.org/project-eirini/" target="_blank">Eirini</a>,&nbsp;<a href="https://istio.io/" target="_blank">Istio</a>, and&nbsp;<a href="https://pivotal.io/knative" target="_blank">Knative</a> into our platform. And, conversely, the open dialogue means we can also open new conversations when we think the market is ready for change.</p>
<p dir="ltr">Kubernetes, microservices, streaming data, and serverless computing; these are just a few of the technologies we see leading the way for future application development. And as others emerge through community and industry consensus, we&rsquo;ll continue to work to ensure our customers can adopt them. We do all this so <a href="https://pivotal.io/customers">our customers</a> don&rsquo;t have to; instead, they can concentrate on their core business, whether it&rsquo;s building cars, selling insurance, or running retail stores.</p>
<p dir="ltr">&nbsp;</p>
<h2 dir="ltr">6. Open Source Helps Pivotal Deliver on Our Mission</h2>
<p dir="ltr">Of course, we don&rsquo;t just want our customers to consume open source. Pivotal takes advantage of many of these same attributes of open source to help advance our own business, too. For example, engaging with the community allows Pivotal to hire experts in emerging technologies from that same broad talent pool to help improve our software and deliver industry-leading support to our customers.</p>
<p dir="ltr">We believe the best path to success isn&rsquo;t to resist community consensus, but to embrace it. More importantly, even as technologies like Kubernetes become table stakes for modern infrastructure, drawing upon the cornucopia of open source projects allows Pivotal to focus on what we do best: delivering value on top of open source software, by building more vertically integrated offerings that offer the best developer and operations experiences.</p>
<p>All of this is to say that Pivotal believes that in today&rsquo;s market, building on and participating in open source is critical to success&mdash;both for ourselves and our customers. And we&rsquo;ll continue to seek out leading projects from the open source ecosystem to help evolve our offerings and ensure that we deliver the best platform for modern application delivery.</p>
<p>&nbsp;</p>
<hr />
<p><em>If you want to experience the Pivotal open source community, <a href="https://pivotal.io/open-source">check out our page</a> about all the projects we contribute to and don&rsquo;t forget to get your ticket to <a href="https://springoneplatform.io" target="_blank">SpringOne Platform</a> where you can hear from expert technologists across the open source universe.</em></p>
https://content.pivotal.io/blog/why-pivotal-is-all-in-on-open-source
514197600
Wed, 10 Apr 2019 15:22:49 -0400
Neil McAllister
3 Reasons Behind T-Mobile’s Success with Kubernetes
<p dir="ltr">Many companies are experimenting with Kubernetes. Only some are achieving business outcomes with the technology. What can the experimenters learn from the success stories? Let&rsquo;s look at T-Mobile.</p>
<p dir="ltr">Founding members of T-Mobile&rsquo;s Platform Engineering Team, James Webb and Brendan Aye, have a lot to say about creating an on-premises container orchestration service using Kubernetes.</p>
<p dir="ltr">They shared some initial outcomes at <a href="https://content.pivotal.io/videos/making-multi-cloud-a-reality-at-t-mobile-brendan-aye-james-webb?utm_source=pivotal-blog&amp;utm_medium=blog-link&amp;utm_campaign=blog-t-mobile-success-with-kubernetes-q119">SpringOne Platform</a> and <a href="https://youtu.be/1qcTu2QUtrU">KubeCon</a>&mdash;most notably that T-Mobile is successfully running mission critical applications with Kubernetes, powered by <a href="https://pivotal.io/platform/pivotal-container-service?utm_source=pivotal-blog&amp;utm_medium=blog-link&amp;utm_campaign=blog-t-mobile-success-with-kubernetes-q119">Pivotal Container Service (PKS)</a>. These workloads include third-party software applications that are vital to T-Mobile&rsquo;s order management and customer support, as well as other consumer-facing apps like <a href="http://maps.t-mobile.com/">maps.t-mobile.com</a>.</p>
<p dir="ltr">All of this was accomplished in a relatively short amount of time. So how did T-Mobile&rsquo;s platform team realize value from its Kubernetes service so quickly?</p>
<p>&nbsp;</p>
<p dir="ltr"><img src="https://lh6.googleusercontent.com/JLfN6LjSFnVwVO9_q-cm9nFXksWC5Xldet4h99ki5iQkW3YPecGR4tloEbGWEsHROSrlQPq2RrPRg8OwlakFlICx-n4tZQWEkUc69Yl5x9uKTBM2NOAnaDqgzZOhT2EYjmTqu9gv" /></p>
<p>&nbsp;</p>
<p dir="ltr">When listening to Webb and Aye discuss their work, what bubbles up is that they&rsquo;ve learned a lot from managing their application platform, <a href="https://pivotal.io/platform/pivotal-application-service?utm_source=pivotal-blog&amp;utm_medium=blog-link&amp;utm_campaign=blog-t-mobile-success-with-kubernetes-q119">Pivotal Application Service (PAS)</a>. Their experience with the app platform informed their approach to Kubernetes, with excellent results. Here are some of the things that have contributed to T-Mobile&rsquo;s success with Kubernetes in production:</p>
<p>&nbsp;</p>
<h2 dir="ltr">1. Run Your App Platform and Container Orchestrator Side-by-Side, With Shared Tooling Wherever Possible</h2>
<p dir="ltr">&ldquo;We are huge fans of BOSH,&rdquo; said Aye. &ldquo;The whole day-two operations piece of the upgrades, the OS patching...it all makes the process so seamless for us and consistent across both environments.&rdquo;</p>
<p dir="ltr">T-Mobile&rsquo;s story underscores the value of employing abstractions for applications and containers in a single platform. When you have both abstractions running in the same control plane, more workloads will benefit from the automation and security features of <a href="https://pivotal.io/platform?utm_source=pivotal-blog&amp;utm_medium=blog-link&amp;utm_campaign=blog-t-mobile-success-with-kubernetes-q119">Pivotal Cloud Foundry (PCF)</a>. A single platform means application teams don&rsquo;t have to switch back and forth between completely different systems. Platform teams also benefit from one set of technology tools to learn and manage. Using one platform enables teams to be more efficient and focused on delivering great software for the business.</p>
<p dir="ltr">Built on the common operational foundation of <a href="https://pivotal.io/platform">BOSH</a>, PKS provides an excellent environment for containerized workloads to run alongside PAS applications. The reality is you&rsquo;re going to have Kubernetes and an application platform working together. It&rsquo;s not an either/or decision. <a href="https://redmonk.com/sogrady/2017/06/22/cf-summit-17/">Industry pundits have been saying this for a while</a>, and more enterprises are following this advice.</p>
<p dir="ltr">According to Webb and Aye, T-Mobile has been &ldquo;wildly successful&rdquo; with PAS (which Aye and Webb sometimes refer to as their Platform-as-a-Service or PaaS). <a href="https://content.pivotal.io/videos/making-multi-cloud-a-reality-at-t-mobile-brendan-aye-james-webb?utm_source=pivotal-blog&amp;utm_medium=blog-link&amp;utm_campaign=t-mobile-journey-q119">During an interview at SpringOne Platform</a>, Webb explained that T-Mobile&rsquo;s PAS &ldquo;is our first choice for apps, especially for code that&#39;s written in-house.&rdquo;</p>
<p>&nbsp;</p>
<p dir="ltr">Take a look at the outcomes they shared at KubeCon:</p>
<p>&nbsp;</p>
<p dir="ltr" style="text-align: center;"><img alt="" src="https://content.cdntwrk.com/files/aHViPTYzOTc1JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVjYWUzYmM5NTdlYjYucG5nJnZlcnNpb249MDAwMCZzaWc9MGM0OTAxYTAyNjY1MGQwZWMyNjEyODA3NzRmNGIwNGE%253D" style="width: 900px; height: 505px;" /></p>
<p>&nbsp;</p>
<p dir="ltr">T-Mobile uses PKS to run workloads that don&rsquo;t quite fit in the 12-factor app world, as well as commercial off-the-shelf (COTS) software packages. &ldquo;A lot of vendors come with pre-supplied containers, or we have applications that require persistent storage,&rdquo; Webb said.</p>
<p dir="ltr">For example, T-Mobile&rsquo;s order management system is a third-party application. This application uses a local cache which then offers out a RMI port to receive updates to that cache. It uses TCP routing (instead of HTTP routing) and the cache should have persistent storage underneath but does not. These requirements are &ldquo;non-standard&rdquo; in the &ldquo;PaaS world,&rdquo; noted Aye.</p>
<p dir="ltr">Now, these types of containerized applications run on PKS. &ldquo;They [the application teams] could run a much more generic container in Kubernetes, get best in class orchestration, and be able to really adapt to the needs that they have: be able to deliver services from vendors or from Docker Hub, whatever they want to do,&rdquo; explained Aye.</p>
<p>&ldquo;The first app actually went live [on PKS] in August [2018] and it&#39;s <a href="http://maps.t-mobile.com/">maps.t-mobile.com</a>,&rdquo; said Webb. &ldquo;It&#39;s a coverage map where you put in a location and it shows you T-Mobile coverage in that area. This is also a very cool example because they are running in three or four different places and load balancing across them. So they are running in our on-prem Kubernetes, they&#39;re running in our on-prem PaaS and they are running in the public cloud.&rdquo;</p>
<p>&nbsp;</p>
<h2 dir="ltr">2. Experience with PAS informs T-Mobile&rsquo;s requirements for Kubernetes.</h2>
<p dir="ltr">&ldquo;We set a very high bar for how we supported [developers] on the PaaS side,&rdquo; Webb said at KubeCon.</p>
<p>In the years since Webb and Aye began managing PAS, they&rsquo;ve learned a lot about running a platform and what it can (and should) offer. As it turns out, already running a distributed system like PAS at scale is helpful when you want to add Kubernetes into the mix.</p>
<p dir="ltr">In fact, the success with PAS helped Webb and Aye determine their requirements for a Kubernetes service (or &ldquo;CaaS&rdquo; for container-as-a-service). They wanted the same high availability, resilience, scaling and automation that they have for PAS in their Kubernetes service. PKS met those requirements. And, because PKS is part of PCF, it shares an operational toolchain with PAS.</p>
<p dir="ltr">In addition to a native Kubernetes experience, they wanted a lot of built-in services and support. &ldquo;And most importantly,&rdquo; said Webb, &ldquo;centralized logging and metrics. That&#39;s a big, big deal.&rdquo; Here was the full set of requirements they gathered, as shared at KubeCon:</p>
<p>&nbsp;</p>
<p dir="ltr"><img src="https://lh5.googleusercontent.com/66CoxjrMcPcblXNe_4u9R2pqcCh1li-0b2Lv3erLRZvSUSOHLS6A8ryS7-S-5uSx-agdXrLVODNDKgtQRlTaPfJpNW4NHfzuCFAURa_V1OjBdZFrHFzme-ylVMV9aeXOByCcU-Fu" /></p>
<p>&nbsp;</p>
<p dir="ltr">A valuable nugget of advice from Webb and Aye is the importance of setting up automated deployment for a Kubernetes service right from the start. &ldquo;A huge lesson learned on the Cloud Foundry side was everything we installed to start with, we installed by hand,&rdquo; said Webb. &ldquo;And now&hellip; they are automating the mound of tech debt that we left behind. On the CaaS side, we wanted to start with automating everything we possibly can. Not just control points but cluster builds.&rdquo;</p>
<p dir="ltr">Using a continuous integration and delivery (CI/CD) tool such as <a href="https://pivotal.io/concourse?utm_source=pivotal-blog&amp;utm_medium=blog-link&amp;utm_campaign=blog-t-mobile-success-with-kubernetes-q119">Concourse</a> provides the automation needed to upgrade and patch efficiently. The CI/CD pipelines that Webb and Aye&rsquo;s team already implemented for PAS serve as a model, making it easier to build the pipelines for PKS. This automation allowed Webb and Aye to address the December 2018 <a href="https://www.zdnet.com/article/kubernetes-first-major-security-hole-discovered/">Kubernetes vulnerability</a> very quickly across all of their clusters, with no downtime.</p>
<p dir="ltr">&ldquo;The same day that the 1.11.5 patch was released for the API CVE, we were patched within 36 hours. And we&#39;ve seen this back on the PAS side as well, where usually our systems are patched far ahead of anyone else&#39;s systems because it&rsquo;s a single action to initiate a patch,&rdquo; said Webb.</p>
<p dir="ltr">&nbsp;</p>
<p dir="ltr">Learn more about <a href="https://content.pivotal.io/blog/happy-monday-how-to-fix-a-kubernetes-cve-before-your-boss-and-the-rest-of-the-world-reads-about-it?utm_source=pivotal-blog&amp;utm_medium=blog-link&amp;utm_campaign=blog-t-mobile-success-with-kubernetes-q119">how to fix a Kubernetes CVE before it goes public</a>.</p>
<p><br />
&nbsp;</p>
<h2 dir="ltr">3. Apply platform-as-a-product principles.</h2>
<p>Perhaps one of the messiest parts of establishing Kubernetes comes down to deciding how this technology will fit into the organization&rsquo;s existing roles and responsibilities.&nbsp; &nbsp;</p>
<p dir="ltr">Kubernetes is relatively immature&mdash;it&rsquo;s easy to forget that the tech has only been around since 2014. There are many different ways to configure Kubernetes, but most admins will use kubectl to apply configurations to a cluster (infrastructure tasks) and for deploying, scaling and cycling apps (application tasks). Kubernetes is not known for its ease of use. As Webb put it, &ldquo;with Kubernetes there&rsquo;s a steep learning curve.&rdquo;</p>
<p dir="ltr">To help with that learning curve, the T-Mobile team wanted to automate reference designs and best practice configurations to help developers get to production. PKS helps with that. As Webb described it, &ldquo;You have a set of plans and then you choose which plan you want to use, choose how many nodes you want, press a button, deploy the cluster.&rdquo;</p>
<p dir="ltr">The &ldquo;menu&rdquo; of configurations in PKS allows Webb and Aye&rsquo;s platform team to configure clusters in whatever way is most relevant to T-Mobile&rsquo;s application teams. Webb and Aye take responsibility for building Kubernetes clusters that deliver superior uptime and security standards for the enterprise. They&rsquo;re not limited to a single cluster configuration from a managed service offering. Nor are the app teams burdened by having to build and configure their own clusters. PKS provides functionalities that cater to the divergent needs of platform teams and application teams.</p>
<p>&nbsp;</p>
<p dir="ltr"><img src="https://lh6.googleusercontent.com/E6c59WJVwN5QpE24dts-ZLT_rxcsrIZM_GcBmEjC5iH61fC92fIW305TwSw5UYroE6SMdPNpOwj2ci-bSNXxTdaqRky9eK4vzJMsP3lDANljGEETfgVdKuTnWzTNzr2X2H-91HwI" /></p>
<p>&nbsp;</p>
<p dir="ltr">At T-Mobile, the teams are structured to take full advantage of the <a href="https://content.pivotal.io/white-papers/pivotal-platform-solutions-why-you-should-treat-platform-as-a-product?utm_source=pivotal-blog&amp;utm_medium=blog-link&amp;utm_campaign=blog-t-mobile-success-with-kubernetes-q119">platform-as-a-product</a> practice model. Aye and Webb are a part of the Platform Team which manages and delivers the platform (&ldquo;product&rdquo;) to application teams (&ldquo;customers&rdquo;). Delivering a platform involves more interactions than just maintenance and provisioning an environment. &ldquo;We&#39;re being advocates for the platform&hellip; We are actively helping users develop good patterns. It helps us understand their workloads. It helps them understand our concerns as well,&rdquo; Webb explained.</p>
<p dir="ltr">&ldquo;We&#39;re looking to provide, at least for the initial go around, a curated environment,&rdquo; Webb noted at Kubecon. &ldquo;We&#39;re not handing over clusters with cluster administrator access and then they [developers] go to town. We are providing a resource.&rdquo;</p>
<p dir="ltr">&ldquo;Once a cluster is deployed, we have some more pipelines that kick in and basically &lsquo;T-Mobilize&rsquo; the cluster,&rdquo; said Webb. We install monitoring and persistent storage, ingress, logging. It&#39;s still some manual steps to get the internal balancers configured.... [and then] we consider the cluster production ready.&rdquo;</p>
<p dir="ltr"><img src="https://lh4.googleusercontent.com/ga1huUwRXuue0nyYYahWASmWjz6d8WX9c0SQgwIuYkJCxaPNpt2_dsXQdQEJWOOCrRu3VghQEnAbzAVaKJxTwe90K8NLHjMKdvmxZSOQZpk38yF6r_ZhgCrsxce7hkjYCS5ciKz_" /></p>
<p>&nbsp;</p>
<p dir="ltr">As the cluster owners, Webb and Aye are also collaborating with T-Mobile&rsquo;s public cloud team to determine a common Kubernetes offering.</p>
<p>&ldquo;It&#39;s very important from our standpoint that when teams move between on-premise and Cloud providers, they don&#39;t have to learn a whole new set of workflows or API pulls,&rdquo; said Aye. &ldquo;Using Kubernetes as that abstraction, kubectl or the Kubernetes API is what you have to learn. You don&#39;t have to learn AWS versus Azure versus GCP. You can focus on that abstraction and move much more quickly between on-prem and Cloud providers.&rdquo;</p>
<p dir="ltr">Webb and Aye&rsquo;s Platform team does all the heavy lifting and delivers production clusters allowing their customers to focus on coding. &nbsp;</p>
<p>&nbsp;</p>
<h2 dir="ltr">Kubernetes Supports a Business Need</h2>
<p dir="ltr">Sticking to all the best practices won&rsquo;t make a difference if your technology stack isn&rsquo;t aligned with your business. Kubernetes (or any new tech) will merely be a shiny object to tinker with unless it is implemented to address a clearly-defined business problem.</p>
<p dir="ltr">Aye and Webb needed a CaaS to run 3rd party software that is critical to T-Mobile&rsquo;s business. They established their requirements for Kubernetes based on their experience and success with PAS. And they can now track business outcomes to make sure the technology is delivering valuable outcomes.</p>
<p dir="ltr">&nbsp;</p>
<hr />
<p dir="ltr"><em>Learn about more Kubernetes best practices from this recent webinar: <a href="https://content.pivotal.io/webinars/apr-11-6-things-you-need-to-know-to-safely-run-kubernetes-webinar?utm_source=pivotal-blog&amp;utm_medium=blog-link&amp;utm_campaign=blog-t-mobile-success-with-kubernetes-q119">6 Things You Need To Know to Safely Run Kubernetes &nbsp;</a></em></p>
<p>&nbsp;</p>
<p><em>Did T-Mobile&rsquo;s choice of PKS pique your curiosity?<a href="https://kb.vmtestdrive.com/hc/en-us/articles/360006297834-Pivotal-Container-Service-Quick-Start"> Test Drive PKS Now!</a></em></p>
<p>&nbsp;</p>
<p dir="ltr"><em>Watch Webb and Aye&#39;s complete talk at KubeCon and their interview at SpringOne Platform:</em></p>
<p style="text-align: center;"><iframe allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/sRZTAueWT14" width="560"></iframe></p>
<p>&nbsp;</p>
<p style="text-align: center;"><iframe allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/1qcTu2QUtrU" width="560"></iframe></p>
https://content.pivotal.io/blog/3-reasons-behind-t-mobile-s-success-with-kubernetes
514151892
Wed, 10 Apr 2019 12:27:33 -0400
Danielle Burrow